From 19da20c581104b5b7f89cfe87465a416059a9fd4 Mon Sep 17 00:00:00 2001 From: Tyler Jang Date: Mon, 25 Mar 2024 15:06:13 -0700 Subject: [PATCH] cleanup and dependabot --- .github/dependabot.yaml | 15 +++++++++++++++ .github/workflows/scorecard.yml | 2 +- .trunk/trunk.yaml | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 .github/dependabot.yaml diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..f2df73f --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,15 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + day: sunday + # trunk-ignore(yamllint/quoted-strings) + time: "08:00" # UTC + labels: [🤖 dependabot] + groups: + dependencies: + patterns: + - "*" + open-pull-requests-limit: 2 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 885d454..7a7f737 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 574467b..4704bd1 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -5,7 +5,7 @@ plugins: sources: - id: trunk uri: https://github.com/trunk-io/plugins - ref: v1.4.4 + ref: v1.4.5 - id: configs local: .