diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0f8ddb8..2e67acc 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,9 +8,16 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "cron" + cronjob: "15 22 5,20 * *" # At 22:15, every 5th and 20th day of the month. open-pull-requests-limit: 5 commit-message: prefix: "GH Actions:" labels: - "chores/QA" + groups: + action-runners: + applies-to: version-updates + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/reusable-actionlint.yml b/.github/workflows/reusable-actionlint.yml index c1ceb7e..bad51d6 100644 --- a/.github/workflows/reusable-actionlint.yml +++ b/.github/workflows/reusable-actionlint.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Add problem matcher if: ${{ github.event_name == 'pull_request' }} diff --git a/.github/workflows/reusable-merge-conflict-check.yml b/.github/workflows/reusable-merge-conflict-check.yml index 3cbe1a8..8165dde 100644 --- a/.github/workflows/reusable-merge-conflict-check.yml +++ b/.github/workflows/reusable-merge-conflict-check.yml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Create label if it doesn't exist" - uses: actions/github-script@v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | try { @@ -52,7 +52,7 @@ jobs: } - name: Check PRs for merge conflicts - uses: eps1lon/actions-label-merge-conflict@v3 + uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3.0.3 with: repoToken: ${{ secrets.GITHUB_TOKEN }} dirtyLabel: ${{ inputs.dirtyLabel }}