diff --git a/.github/actions/pre-commit-setup/action.yml b/.github/actions/pre-commit-setup/action.yml
index 234ae4a..c42af26 100644
--- a/.github/actions/pre-commit-setup/action.yml
+++ b/.github/actions/pre-commit-setup/action.yml
@@ -22,4 +22,4 @@ runs:
 python-version: '3.14'
 - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
 with:
- version: 0.11.13
+ version: 0.11.12
diff --git a/.github/workflows/closing.yml b/.github/workflows/closing.yml
index cb24a36..a8d28a7 100644
--- a/.github/workflows/closing.yml
+++ b/.github/workflows/closing.yml
@@ -17,8 +17,9 @@ permissions:
 contents: read
 jobs:
- issueClosed:
+ issue-closed:
 permissions:
+ contents: read # for actions/checkout
 issues: write # for gh issue comment
 runs-on: ubuntu-slim
 steps:
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index af65f0f..fddf271 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -15,8 +15,8 @@ jobs:
 runs-on: ubuntu-slim
 steps:
 - name: Checkout Repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 persist-credentials: false
 - name: Dependency Review
- uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
+ uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index b9c025e..4f64559 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -9,12 +9,13 @@ on:
 issues:
 types: [labeled]
-permissions:
- contents: read
+permissions: {}
 jobs:
- issueLabeled:
+ issue-labeled:
+ if: ${{ ! github.event.issue.pull_request && github.event.label.name == 'good first issue' }}
 permissions:
+ contents: read # for actions/checkout
 issues: write # for gh issue comment
 runs-on: ubuntu-slim
 steps:
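Review bot: The workflow-level `permissions:` block that appears as context at the top of the closing.yml hunk still grants `contents: read`, while labels.yml and pull_requests.yaml in this same commit drop to `permissions: {}`. Now that `issue-closed` declares `contents: read` on the job itself, the workflow-level grant looks redundant, assuming this is the only job in the file. Changing the top-level block to `permissions: {}` would keep the default empty and make the three workflows consistent. The rest of the job body lies outside the hunk.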
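Review bot: The new job-level `if:` in the first labels.yml hunk combines two conditions without saying why the first one is there. As far as I can tell the `issues` trigger shown just above does not fire for pull requests, so `! github.event.issue.pull_request` reads as a defensive guard rather than a required filter. A one-line comment above the condition, such as `# defensive: ignore PR-backed payloads; react only to the 'good first issue' label`, would keep a later editor from dropping or misreading it. The steps of `issue-labeled` continue outside this hunk.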
@@ -22,7 +23,6 @@ jobs:
 with:
 persist-credentials: false
 - name: Add good first issue comment
- if: ${{ github.event.label.name == 'good first issue' }}
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ISSUE_NUMBER: ${{ github.event.issue.number }}
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 0b0b43d..adc209d 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -8,6 +8,8 @@ name: Pre-commit check
 on:
 push:
 branches-ignore:
+ - copilot/**
+ - codex/**
 - renovate/**
 - weblate
 - dependabot/**
@@ -21,7 +23,7 @@ jobs:
 runs-on: ubuntu-24.04-arm
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 persist-credentials: false
 - uses: ./.github/actions/pre-commit-setup
diff --git a/.github/workflows/pull_requests.yaml b/.github/workflows/pull_requests.yaml
index a0f467b..29bfc57 100644
--- a/.github/workflows/pull_requests.yaml
+++ b/.github/workflows/pull_requests.yaml
@@ -3,25 +3,20 @@
 # SPDX-License-Identifier: CC0-1.0
 # This file is maintained in https://github.com/WeblateOrg/meta/
-
 name: Pull request automation
 on: # zizmor: ignore[dangerous-triggers]
 pull_request_target:
 types: opened
-permissions:
- contents: read
+permissions: {}
 jobs:
- weblate_automerge:
+ weblate-automerge:
 runs-on: ubuntu-slim
 name: Weblate automerge
 if: github.actor == 'weblate'
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- with:
- persist-credentials: false
 - name: Enable Pull Request Automerge
 run: gh pr merge --rebase --auto "$PR_NUMBER"
 env:
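Review bot: In pull_requests.yaml the workflow-level block becomes `permissions: {}` and `weblate-automerge` has no `permissions:` key in the visible lines, so the job's GITHUB_TOKEN carries no scopes. `gh pr merge --rebase --auto` can then only succeed if the `env:` mapping, which continues outside this hunk, supplies a different token. If it relies on `secrets.GITHUB_TOKEN`, the job needs its own block: `permissions:` with `contents: write` and `pull-requests: write`. Dropping the checkout is a sound choice under `pull_request_target`, but it leaves `gh` without a git remote to infer the repository from, so that `env:` block should also carry `GH_REPO: ${{ github.repository }}` if it does not already.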