diff --git a/.github/renovate.json b/.github/renovate.json index 1b9a1230e..7a979c639 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,9 +1,14 @@ { + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended", + ":dependencyDashboard", + "helpers:pinGitHubActionDigests" + ], "labels": [ "dependencies" ], "rangeStrategy": "widen", - "dependencyDashboard": true, "automerge": true, "automergeType": "pr", "automergeStrategy": "rebase", diff --git a/.github/workflows/closing.yml b/.github/workflows/closing.yml index 311cce89d..75f8188e3 100644 --- a/.github/workflows/closing.yml +++ b/.github/workflows/closing.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Add closed question comment - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 if: | github.actor != 'renovate[bot]' && github.event.issue.state_reason == 'completed' && @@ -42,7 +42,7 @@ jobs: * In case you see a similar problem, please open a separate issue. * If you are happy with the outcome, don’t hesitate to support Weblate by making a [donation](https://weblate.org/donate/). - name: Add closed issue comment - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 if: | github.actor != 'renovate[bot]' && github.event.issue.state_reason == 'completed' && diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index 151de0c92..d6bd296d3 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -21,7 +21,7 @@ jobs: name: Sync labels runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 - - uses: srealmoreno/label-sync-action@v2 + - uses: actions/checkout@v4 # v4 + - uses: srealmoreno/label-sync-action@850ba5cef2b25e56c6c420c4feed0319294682fd # v2 with: clean-labels: true diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 950f31ae3..a5c840650 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Add backlog comment - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 if: ${{ github.event.label.name == 'backlog' }} with: token: ${{ secrets.GITHUB_TOKEN }} @@ -33,7 +33,7 @@ jobs: In case you need this feature soon, please consider helping or push it by [funding the development](https://weblate.org/support/). - name: Add undecided comment - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 if: ${{ github.event.label.name == 'undecided' }} with: token: ${{ secrets.GITHUB_TOKEN }} @@ -46,7 +46,7 @@ jobs: Please try to clarify the use case or consider proposing something more generic to make it useful to more users. - name: Add question comment - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 if: ${{ github.event.label.name == 'question' }} with: token: ${{ secrets.GITHUB_TOKEN }} @@ -63,7 +63,7 @@ jobs: In case your question is already answered, [making a donation](https://weblate.org/donate/) is the right way to say thank you! - name: Add translate-toolkit comment - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 if: ${{ github.event.label.name == 'translate-toolkit' }} with: token: ${{ secrets.GITHUB_TOKEN }} @@ -72,7 +72,7 @@ jobs: The issue you've reported needs to be addressed in the [translate-toolkit](https://github.com/translate/translate/). Please file the issue there, and include links to any relevant specifications about the formats (if applicable). - name: Add good first issue comment - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 if: ${{ github.event.label.name == 'good first issue' }} with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index aaf700850..c7064a1fb 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -20,16 +20,16 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 - - uses: actions/cache@v4 + - uses: actions/checkout@v4 # v4 + - uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4 with: path: ~/.cache/pre-commit key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 with: python-version: '3.13' - - uses: astral-sh/setup-uv@v5 + - uses: astral-sh/setup-uv@4db96194c378173c656ce18a155ffc14a9fc4355 # v5 - name: detect method id: detect run: | diff --git a/.github/workflows/pull_requests.yaml b/.github/workflows/pull_requests.yaml index e589a46d7..5766b2221 100644 --- a/.github/workflows/pull_requests.yaml +++ b/.github/workflows/pull_requests.yaml @@ -22,7 +22,7 @@ jobs: name: Weblate automerge if: github.actor == 'weblate' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Enable Pull Request Automerge run: gh pr merge --rebase --auto "${{ github.event.pull_request.number }}" env: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 31bec3bd3..926ecce04 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -26,7 +26,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9 with: days-before-pr-stale: 30 days-before-pr-close: 14