Lingering CI/CD pins, add cooldowns, remove template injections (#4906)

Signed-off-by: William Woodruff <william@yossarian.net>
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9e3ff40..26083c8 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,9 +8,13 @@
     schedule:
       interval: "weekly"
     labels: ["skip news", "C: dependencies"]
+    cooldown:
+      default-days: 7
 
   - package-ecosystem: "pip"
     directory: "docs/"
     schedule:
       interval: "weekly"
     labels: ["skip news", "C: dependencies", "T: documentation"]
+    cooldown:
+      default-days: 7
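Review bot: Neither of the two added `cooldown` blocks has a comment saying why updates are held back, so a later maintainer could read the delay as an oversight and remove it. A line above each would record the intent, for example `# Wait 7 days after a release before proposing it, so a broken or compromised release has time to be noticed`. As far as I know the cooldown applies to version updates only and security updates are still raised immediately; confirm that against the Dependabot documentation and say so in the comment. The first entry's `package-ecosystem` line is outside the hunk.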
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index ed52f4a..1279cba 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -68,4 +68,6 @@
           tags: pyfound/black:latest_prerelease
 
       - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}
+        run: echo ${STEPS_DOCKER_BUILD_OUTPUTS_DIGEST}
+        env:
+          STEPS_DOCKER_BUILD_OUTPUTS_DIGEST: ${{ steps.docker_build.outputs.digest }}
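Review bot: The expansion on the new `run:` line is unquoted, so the shell still word-splits and glob-expands the value even though the template injection is gone. `run: echo "${STEPS_DOCKER_BUILD_OUTPUTS_DIGEST}"` avoids that and matches the quoted `"${TAG_NAME}"` this commit uses in pypi_upload.yml. A digest is unlikely to contain whitespace or glob characters, so this is consistency and defence in depth, not a live bug.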
diff --git a/.github/workflows/pypi_upload.yml b/.github/workflows/pypi_upload.yml
index bfa6af7..94f4ad2 100644
--- a/.github/workflows/pypi_upload.yml
+++ b/.github/workflows/pypi_upload.yml
@@ -8,9 +8,7 @@
     branches:
       - main
 
-permissions:
-  contents: read
-  id-token: write # Required for PyPI trusted publishing
+permissions: {}
 
 jobs:
   main:
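Review bot: With `permissions: {}` at workflow level, any job without its own block now runs with no token scopes, and the two job-level blocks added further down grant only `id-token: write`, which leaves `contents` at none for those jobs. Checkout presumably keeps working because the repository is public, but that is implicit. A comment on those blocks such as `# contents: read not needed: public repository`, or an explicit `contents: read`, would make it clear. The step that runs `git push` in the last hunk of this file needs `contents: write`; that job's permissions are not visible in any hunk, so confirm it declares them.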
@@ -21,6 +19,9 @@
       name: release
       url: https://pypi.org/p/black
 
+    permissions:
+      id-token: write # Required for PyPI trusted publishing
+
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
@@ -42,7 +43,7 @@
 
       - if: github.event_name == 'release'
         name: Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
         with:
           verbose: true
 
@@ -99,6 +100,8 @@
     environment:
       name: release
       url: https://pypi.org/p/black
+    permissions:
+      id-token: write # Required for PyPI trusted publishing
     strategy:
       fail-fast: false
       matrix:
@@ -121,7 +124,7 @@
 
       - if: github.event_name == 'release'
         name: Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
         with:
           packages-dir: wheelhouse/
           verbose: true
@@ -145,5 +148,7 @@
       - if: github.event_name == 'release'
         name: Update stable branch to release tag & push
         run: |
-          git reset --hard ${{ github.event.release.tag_name }}
+          git reset --hard "${TAG_NAME}"
           git push
+        env:
+          TAG_NAME: ${{ github.event.release.tag_name }}
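Review bot: `git reset --hard "${TAG_NAME}"` passes the value as a bare revision, so git applies its own option parsing and ref lookup rules to it and does not necessarily resolve it in the tag namespace. Qualifying the ref pins it to the release tag: `git reset --hard "refs/tags/${TAG_NAME}"`. Release tags are presumably created by maintainers, so this is hardening and not a fix for a reachable bug. The job's header is outside the hunk.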
diff --git a/action.yml b/action.yml
index 9d0d793..733fcbe 100644
--- a/action.yml
+++ b/action.yml
@@ -64,7 +64,7 @@
         # Display the raw output in the step
         echo "${out}"
 
-        if [ "${{ inputs.summary }}" == "true" ]; then
+        if [ "${INPUT_SUMMARY}" == "true" ]; then
           # Display the Markdown output in the job summary
           echo "\`\`\`python" >> $GITHUB_STEP_SUMMARY
           echo "${out}" >> $GITHUB_STEP_SUMMARY
@@ -81,6 +81,7 @@
         INPUT_BLACK_ARGS: ${{ inputs.black_args }}
         INPUT_VERSION: ${{ inputs.version }}
         INPUT_USE_PYPROJECT: ${{ inputs.use_pyproject }}
+        INPUT_SUMMARY: ${{ inputs.summary }}
         OUTPUT_FILE: ${{ inputs.output-file }}
         pythonioencoding: utf-8
       shell: bash