dependabot[bot]
dc132f8d6b
Bump actions/create-github-app-token from 2.2.0 to 2.2.1
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](7e473efe3c...29824e69f5support@github.com >
2025-12-07 16:01:11 +00:00
dependabot[bot]
f7daeaadf0
Bump actions/checkout from 5 to 6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-24 19:42:08 +00:00
dependabot[bot]
b02431692b
Bump actions/create-github-app-token from 2.1.4 to 2.2.0
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.4 to 2.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](6701853927...7e473efe3csupport@github.com >
2025-11-23 16:01:14 +00:00
dependabot[bot]
dbb03871b7
Bump actions/setup-node from 5 to 6
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-19 16:01:11 +00:00
dependabot[bot]
328a418469
Bump actions/setup-node from 4 to 5
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-10 20:21:11 +00:00
dependabot[bot]
a62b0915e2
Bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-10 20:18:16 +00:00
dependabot[bot]
500eae7acf
Bump actions/create-github-app-token from 2.1.1 to 2.1.4
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.1 to 2.1.4.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](a8d6161485...6701853927support@github.com >
2025-09-14 16:01:12 +00:00
dependabot[bot]
c1d60bae80
Bump actions/create-github-app-token from 2.0.6 to 2.1.1
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.0.6 to 2.1.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](df432ceedc...a8d6161485support@github.com >
2025-08-17 16:34:29 +00:00
dependabot[bot]
b8623e7fe6
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4
...
Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action ) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/actions/publish-immutable-action/releases )
- [Commits](https://github.com/actions/publish-immutable-action/compare/0.0.3...v0.0.4 )
---
updated-dependencies:
- dependency-name: actions/publish-immutable-action
dependency-version: 0.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-05-11 16:49:18 +00:00
dependabot[bot]
2c22a370e3
Bump actions/create-github-app-token from 2.0.2 to 2.0.6
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.0.2 to 2.0.6.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](3ff1caaa28...df432ceedcsupport@github.com >
2025-05-09 23:38:31 +00:00
Jeff Widman
6ad01a0495
Add workflow to publish new version of immutable action on every release ( #623 )
...
Adds a workflow that publishes a new version of the immutable action package
for this action on every release.
Co-authored-by: Nish Sinha <nishnha@github.com >
2025-05-09 17:37:39 -06:00
Jeff Widman
8ca800c164
Enable caching of npm install/npm ci for setup-node action ( #618 )
...
They now support caching the results of `npm install`/`npm ci`:
https://github.blog/changelog/2021-07-02-github-actions-setup-node-now-supports-dependency-caching/
2025-04-14 08:58:10 -07:00
dependabot[bot]
a09d4affbb
Bump actions/create-github-app-token from 1.11.3 to 2.0.2
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.11.3 to 2.0.2.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](67e27a7eb7...3ff1caaa28support@github.com >
2025-04-11 16:34:33 +00:00
Jeff Widman
3a5ce46470
Remove unnecessary hardcoding of ref ( #617 )
...
I'm copying the setup of one of these actions to another repo, and the
hardcoding of `ref` surprised me... these should be the same as the
defaault behavior. I checked with Barry who originally committed these
files, and he didn't remember why... possibly he'd hardcoded them when
testing the action and forgot to remove them.
So let's pull them out to remove confusion.
2025-04-11 09:33:37 -07:00
dependabot[bot]
ae47413891
Bump actions/create-github-app-token from 1.11.0 to 1.11.3
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.11.0 to 1.11.3.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](5d869da34e...67e27a7eb7support@github.com >
2025-02-09 16:51:46 +00:00
dependabot[bot]
d664895d57
Bump actions/create-github-app-token from 1.10.3 to 1.11.0
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.10.3 to 1.11.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](31c86eb3b3...5d869da34esupport@github.com >
2024-09-15 16:24:34 +00:00
dependabot[bot]
910e3275e8
Bump actions/create-github-app-token from 1.10.2 to 1.10.3
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](ad38cffc07...31c86eb3b3support@github.com >
2024-07-07 16:08:17 +00:00
dependabot[bot]
9c55ebe618
Bump actions/create-github-app-token from 1.10.0 to 1.10.2
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.10.0 to 1.10.2.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](a0de6af839...ad38cffc07support@github.com >
2024-06-30 16:03:41 +00:00
dependabot[bot]
aec2f3e196
Bump actions/create-github-app-token from 1.9.0 to 1.10.0
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](f2acddfb51...a0de6af839support@github.com >
2024-05-05 16:05:17 +00:00
Jeff Widman
7c323d50f1
Switch to monthly release cadence
...
We'd like to start releasing monthly so that we don't fall quite so far behind... based on past commit frequency, most of these releases will only contain merged :dependabot: PR's bumping our deps, but this way we find out quickly if a dep breaks our action.
2024-04-24 10:05:00 -04:00
Jeff Widman
dc2c459ae6
v2 is the new tracking tag (#506 )
...
We're about to cut a new major version of this action,
and we don't anticipate any further releases of the `v1`
line.
So I simply updated the automation to float the `v2` tag.
Technically we could make it so it intelligently looks at
the release number and updates the appropriate tag, but
that'd be a bit more work and we don't need that complexity
in this repo right now given our very infrequent cadence of
bumping major versions.
As explained in a [code comment](f2f0ad1522/.github/workflows/release-move-tracking-tag.yml (L11-L28)
2024-03-21 14:28:04 -07:00
Jeff Widman
e21c9fbf3d
Switch to the official action for managing app tokens ( #504 )
...
Improve security by switching to the official GitHub action
for managing app tokens. More [details](https://github.com/tibdex/github-app-token/issues/99#issuecomment-1787602874 ).
The `repositories` key is safe to remove because per
the [docs](https://github.com/actions/create-github-app-token?tab=readme-ov-file#repositories ):
> If owner and repositories are empty, access will be scoped to only the current repository.
2024-03-21 01:25:10 -07:00
Jeff Widman
3e1bcb99a1
Scope app token to only this repo for security ( #501 )
...
https://github.com/dependabot/fetch-metadata/pull/442 bumped to a new version
of this action which now supports a `"repositories"` key that scopes the token
to the designated repositories.
2024-03-20 21:19:31 -07:00
dependabot[bot]
f9af96f1e7
Bump tibdex/github-app-token from 1.8.2 to 2.1.0
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.2 to 2.1.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0d49dd7211...3beb63f4bdsupport@github.com >
2024-03-21 03:28:08 +00:00
dependabot[bot]
5bb91d5835
Bump actions/setup-node from 3 to 4
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-11-27 15:30:17 -08:00
dependabot[bot]
1c15625b1b
Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-10 16:58:34 +00:00
dependabot[bot]
9243bcbec4
Bump tibdex/github-app-token from 1.8.0 to 1.8.2
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.0 to 1.8.2.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](b62528385c...0d49dd7211support@github.com >
2023-09-03 16:29:06 +00:00
Jeff Widman
06df9f85d6
Check for uncommitted files beyond dist/ directory ( #278 )
...
This checks for _any_ delta in the git repo, not just the `dist/`
directory. Any change should fail CI until it's either committed or
added to `.gitignore`.
Additionally, I clarified the script name/code slightly to explain why
it's needed/handled separately from checking for uncommitted files.
2023-07-25 16:18:05 +00:00
AbdulFattaah Popoola
f5e0b6a123
Aggressively group prod and dev dependencies
...
Use wildcard matching to aggregate prod and dev updates into two separate groups
2023-07-19 10:48:18 -07:00
AbdulFattaah Popoola
b1debf3fda
Generate Dependabot PRs on Sundays weekly
...
See discussion here: github/dependabot-updates#4400 (comment)
2023-07-18 14:27:24 -07:00
Bryan Dragon
c75f584732
Update dependabot.yml
...
Schedule weekly on Mondays at 16:00 UTC
2023-07-06 16:09:07 -06:00
Jeff Widman
d1defa4769
Switch to using an app token instead of a PAT ( #362 )
...
The app token will persist even as users come/go from the :dependabot:
team.
It also allows us more finegrained access controls from the app settings
page if we need to suddenly lockdown something, we don't have to rely on
the person who created the PAT.
2023-05-23 18:01:02 -07:00
Jeff Widman
3077e54b98
Group :dependabot: PR's for eslint-related deps ( #374 )
...
There are multiple deps that are `eslint`-related, and since they're all related to a linter, it's very safe to merge them as a single group.
So try kicking the tires on the new "grouping" feature that the :dependabot: team is working on.
2023-05-22 10:15:05 -07:00
Jeff Widman
a2a3a43b4a
Add workflow for floating the v1 tag to the latest release ( #361 )
...
This adds a workflow for floating the `v1` tag to the latest release.
This way we reduce the chance of someone fat-fingering the necessary
`git` commands.
2023-05-19 08:37:20 -07:00
Jeff Widman
6c5b8c2d48
Add workflow for creating release PR's ( #360 )
...
Add a workflow for creating release PR's. This way we don't have to do
it locally, and we guarantee the `npm` version used to generate the
version bump is consistent and stays in-sync with the repo instead of
whatever the dev happened to have on their local computer.
2023-05-18 11:56:46 -07:00
Jeff Widman
c40140bc51
Stop using deprecated set-output ( #370 )
...
The initial impetus for this change was:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
However, it turns out the entire step is unnecesary since
`actions/setup-node` supports directly reading the `.nvmrc` file.
2023-05-18 11:05:35 -07:00
Jeff Widman
4ada81eca0
Remove unused step ( #358 )
...
The output of looking for metadata is never used in this workflow, so
delete the step.
2023-05-17 10:49:26 -07:00
Jeff Widman
14d75f3862
No need to request escalated permissions for GITHUB_TOKEN ( #357 )
...
Several of these job steps that use `GITHUB_TOKEN` are read-only
operations, so they don't need elevated permissions for the
`GITHUB_TOKEN`.
And the jobs that _do_ need elevated permissions we're already using a
PAT, so it's not even using the `GITHUB_TOKEN`.
So no need for any custom permissions on the `GITHUB_TOKEN` at all.
2023-05-17 10:46:35 -07:00
Jeff Widman
597dd46738
Inline the PR URL ( #359 )
...
I'm not sure why this went to the trouble of using an env token, I am
fairly sure this can be inlined.
2023-05-17 10:32:42 -07:00
Jeff Widman
b3bc7993c0
Use the full email for the GitHub Actions bot ( #354 )
...
This is an aesthetic tweak to let the proper avatar show up:
* https://github.com/orgs/community/discussions/26560
* https://github.com/actions/checkout/pull/1184
2023-05-01 20:17:34 -07:00
Barry Gordon
2c14e91d87
Fix typo in build workflow
2022-04-20 11:10:47 +01:00
Barry Gordon
5566d3bb08
Avoid using actor
2022-04-20 10:04:52 +01:00
Barry Gordon
9a3ea4fc12
Correctly checkout the repository to use the local action
2022-04-20 09:59:02 +01:00
Barry Gordon
221b2c09c5
Prefer npm to NPM
...
Co-authored-by: Jurre <jurre@github.com >
2022-04-19 20:01:37 +01:00
Barry Gordon
a20aed188f
Fix script path
2022-04-19 20:00:27 +01:00
Barry Gordon
a5e702392a
Use a single automation PAT
2022-04-19 20:00:27 +01:00
Barry Gordon
f9682a0a6a
Add a workflow to compile dist/ for Dependabot PRs
2022-04-19 20:00:27 +01:00
Barry Gordon
6790cb69ed
Use a separate workflow to check the diff compilation
2022-04-19 20:00:26 +01:00
Barry Gordon
083b8484d8
Dependabot checks monthly, and checks GitHub Actions
2022-04-19 20:00:23 +01:00
Jack Bates
0caf82fe41
Default github-token
2022-02-23 09:57:53 -07:00
