diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..4ccf67f3e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +# See also: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + groups: + github-actions: + patterns: + - '*' diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a0649dc73..072df7fca 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,7 +31,7 @@ jobs: target: [ "pi0", "pi2", "pi02w", "pi4" ] steps: - name: checkout seedsigner-os - uses: actions/checkout@v3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: "seedsigner/seedsigner-os" # use the os-ref input parameter in case of workflow_dispatch or default to main in case of cron triggers @@ -42,7 +42,7 @@ jobs: fetch-depth: 0 - name: checkout source - uses: actions/checkout@v3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: # ref defaults to repo default-branch=dev (cron) or SHA of event (workflow_dispatch) path: "seedsigner-os/opt/rootfs-overlay/opt" @@ -78,7 +78,7 @@ jobs: ls -la src - name: restore build cache - uses: actions/cache@v3 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 # Caching reduces the build time to ~50% (currently: ~30 mins instead of ~1 hour, # while consuming ~850 MB storage space). with: @@ -113,9 +113,9 @@ jobs: ls -la seedsigner-os/images - name: upload images - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: - name: seedsigner_os_images + name: seedsigner_os_images_${{ matrix.target }} path: "seedsigner-os/images/*.img" if-no-files-found: error # maximum 90 days retention @@ -127,9 +127,8 @@ jobs: needs: build steps: - name: download images - uses: actions/download-artifact@v3 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: - name: seedsigner_os_images path: images - name: list images @@ -145,12 +144,12 @@ jobs: - name: write sha256sum run: | cd images - sha256sum *.img > seedsigner_os.${{ env.source_hash }}.sha256 + find . -name "*.img" -print0 | xargs -0 cat | sha256sum | tee seedsigner_os.${{ env.source_hash }}.sha256 - name: upload checksums - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: - name: seedsigner_os_images + name: seedsigner_os_images_sha256 path: "images/*.sha256" if-no-files-found: error # maximum 90 days retention diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 294e20beb..917da1ba7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -26,9 +26,9 @@ jobs: python-version: ["3.10", "3.12"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: ${{ matrix.python-version }} - name: Install dependencies @@ -56,9 +56,9 @@ jobs: python -m pytest tests/screenshot_generator/generator.py cp -r ./seedsigner-screenshots ./artifacts/ - name: Archive CI Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: - name: ci-artifacts + name: ci-artifacts-${{ matrix.python-version }} path: artifacts/** retention-days: 10 # Upload also when tests fail. The workflow result (red/green) will