dependabot[bot]
dc132f8d6b
Bump actions/create-github-app-token from 2.2.0 to 2.2.1
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](7e473efe3c...29824e69f5support@github.com >
2025-12-07 16:01:11 +00:00
dependabot[bot]
f7daeaadf0
Bump actions/checkout from 5 to 6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-24 19:42:08 +00:00
dependabot[bot]
b02431692b
Bump actions/create-github-app-token from 2.1.4 to 2.2.0
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.4 to 2.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](6701853927...7e473efe3csupport@github.com >
2025-11-23 16:01:14 +00:00
dependabot[bot]
dbb03871b7
Bump actions/setup-node from 5 to 6
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-19 16:01:11 +00:00
dependabot[bot]
328a418469
Bump actions/setup-node from 4 to 5
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-10 20:21:11 +00:00
dependabot[bot]
a62b0915e2
Bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-10 20:18:16 +00:00
dependabot[bot]
500eae7acf
Bump actions/create-github-app-token from 2.1.1 to 2.1.4
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.1 to 2.1.4.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](a8d6161485...6701853927support@github.com >
2025-09-14 16:01:12 +00:00
dependabot[bot]
c1d60bae80
Bump actions/create-github-app-token from 2.0.6 to 2.1.1
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.0.6 to 2.1.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](df432ceedc...a8d6161485support@github.com >
2025-08-17 16:34:29 +00:00
dependabot[bot]
2c22a370e3
Bump actions/create-github-app-token from 2.0.2 to 2.0.6
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.0.2 to 2.0.6.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](3ff1caaa28...df432ceedcsupport@github.com >
2025-05-09 23:38:31 +00:00
Jeff Widman
8ca800c164
Enable caching of npm install/npm ci for setup-node action ( #618 )
...
They now support caching the results of `npm install`/`npm ci`:
https://github.blog/changelog/2021-07-02-github-actions-setup-node-now-supports-dependency-caching/
2025-04-14 08:58:10 -07:00
dependabot[bot]
a09d4affbb
Bump actions/create-github-app-token from 1.11.3 to 2.0.2
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.11.3 to 2.0.2.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](67e27a7eb7...3ff1caaa28support@github.com >
2025-04-11 16:34:33 +00:00
Jeff Widman
3a5ce46470
Remove unnecessary hardcoding of ref ( #617 )
...
I'm copying the setup of one of these actions to another repo, and the
hardcoding of `ref` surprised me... these should be the same as the
defaault behavior. I checked with Barry who originally committed these
files, and he didn't remember why... possibly he'd hardcoded them when
testing the action and forgot to remove them.
So let's pull them out to remove confusion.
2025-04-11 09:33:37 -07:00
dependabot[bot]
ae47413891
Bump actions/create-github-app-token from 1.11.0 to 1.11.3
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.11.0 to 1.11.3.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](5d869da34e...67e27a7eb7support@github.com >
2025-02-09 16:51:46 +00:00
dependabot[bot]
d664895d57
Bump actions/create-github-app-token from 1.10.3 to 1.11.0
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.10.3 to 1.11.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](31c86eb3b3...5d869da34esupport@github.com >
2024-09-15 16:24:34 +00:00
dependabot[bot]
910e3275e8
Bump actions/create-github-app-token from 1.10.2 to 1.10.3
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](ad38cffc07...31c86eb3b3support@github.com >
2024-07-07 16:08:17 +00:00
dependabot[bot]
9c55ebe618
Bump actions/create-github-app-token from 1.10.0 to 1.10.2
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.10.0 to 1.10.2.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](a0de6af839...ad38cffc07support@github.com >
2024-06-30 16:03:41 +00:00
dependabot[bot]
aec2f3e196
Bump actions/create-github-app-token from 1.9.0 to 1.10.0
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](f2acddfb51...a0de6af839support@github.com >
2024-05-05 16:05:17 +00:00
Jeff Widman
e21c9fbf3d
Switch to the official action for managing app tokens ( #504 )
...
Improve security by switching to the official GitHub action
for managing app tokens. More [details](https://github.com/tibdex/github-app-token/issues/99#issuecomment-1787602874 ).
The `repositories` key is safe to remove because per
the [docs](https://github.com/actions/create-github-app-token?tab=readme-ov-file#repositories ):
> If owner and repositories are empty, access will be scoped to only the current repository.
2024-03-21 01:25:10 -07:00
Jeff Widman
3e1bcb99a1
Scope app token to only this repo for security ( #501 )
...
https://github.com/dependabot/fetch-metadata/pull/442 bumped to a new version
of this action which now supports a `"repositories"` key that scopes the token
to the designated repositories.
2024-03-20 21:19:31 -07:00
dependabot[bot]
f9af96f1e7
Bump tibdex/github-app-token from 1.8.2 to 2.1.0
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.2 to 2.1.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0d49dd7211...3beb63f4bdsupport@github.com >
2024-03-21 03:28:08 +00:00
dependabot[bot]
5bb91d5835
Bump actions/setup-node from 3 to 4
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-11-27 15:30:17 -08:00
dependabot[bot]
1c15625b1b
Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-10 16:58:34 +00:00
dependabot[bot]
9243bcbec4
Bump tibdex/github-app-token from 1.8.0 to 1.8.2
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.0 to 1.8.2.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](b62528385c...0d49dd7211support@github.com >
2023-09-03 16:29:06 +00:00
Jeff Widman
d1defa4769
Switch to using an app token instead of a PAT ( #362 )
...
The app token will persist even as users come/go from the :dependabot:
team.
It also allows us more finegrained access controls from the app settings
page if we need to suddenly lockdown something, we don't have to rely on
the person who created the PAT.
2023-05-23 18:01:02 -07:00
Jeff Widman
c40140bc51
Stop using deprecated set-output ( #370 )
...
The initial impetus for this change was:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
However, it turns out the entire step is unnecesary since
`actions/setup-node` supports directly reading the `.nvmrc` file.
2023-05-18 11:05:35 -07:00
Jeff Widman
14d75f3862
No need to request escalated permissions for GITHUB_TOKEN ( #357 )
...
Several of these job steps that use `GITHUB_TOKEN` are read-only
operations, so they don't need elevated permissions for the
`GITHUB_TOKEN`.
And the jobs that _do_ need elevated permissions we're already using a
PAT, so it's not even using the `GITHUB_TOKEN`.
So no need for any custom permissions on the `GITHUB_TOKEN` at all.
2023-05-17 10:46:35 -07:00
Jeff Widman
b3bc7993c0
Use the full email for the GitHub Actions bot ( #354 )
...
This is an aesthetic tweak to let the proper avatar show up:
* https://github.com/orgs/community/discussions/26560
* https://github.com/actions/checkout/pull/1184
2023-05-01 20:17:34 -07:00
Barry Gordon
2c14e91d87
Fix typo in build workflow
2022-04-20 11:10:47 +01:00
Barry Gordon
5566d3bb08
Avoid using actor
2022-04-20 10:04:52 +01:00
Barry Gordon
9a3ea4fc12
Correctly checkout the repository to use the local action
2022-04-20 09:59:02 +01:00
Barry Gordon
a5e702392a
Use a single automation PAT
2022-04-19 20:00:27 +01:00
Barry Gordon
f9682a0a6a
Add a workflow to compile dist/ for Dependabot PRs
2022-04-19 20:00:27 +01:00
