Cleanup repo workflows (#85)

Update scorecard-action to [fix](ossf/scorecard-action#998) [failure](https://github.com/trunk-io/configs/actions/runs/8424216101). Also adds dependabot file to hopefully catch this proactively going forward.
trunk-io · Mar 27, 2024 · d1c4693 · d1c4693
1 parent 21062db
commit d1c4693
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: sunday
+      # trunk-ignore(yamllint/quoted-strings)
+      time: "08:00" # UTC
+    labels: [🤖 dependabot]
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+    open-pull-requests-limit: 2
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -35,7 +35,7 @@ jobs:
           persist-credentials: false
 
       - name: Run analysis
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif

diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -5,7 +5,7 @@ plugins:
   sources:
     - id: trunk
       uri: https://github.com/trunk-io/plugins
-      ref: v1.4.4
+      ref: v1.4.5
 
     - id: configs
       local: .