diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
index 67688292f3..93aff9bd05 100644
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -32,18 +32,23 @@ inputs:
 persist-credentials:
 description: 'Whether to configure the token or SSH key with the local git config'
 default: 'false'
+ allow-unsafe-pr-checkout:
+ description: 'Whether to allow checkout for pull_request_target and workflow_run'
+ default: 'false'
+
 runs:
 using: 'composite'
 steps:
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 ref: ${{ inputs.ref }}
 token: ${{ inputs.token }}
 persist-credentials: ${{ inputs.persist-credentials }}
+ allow-unsafe-pr-checkout: ${{ inputs.allow-unsafe-pr-checkout }}
 - name: Setup pnpm
- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+ uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
 with:
 version: ${{ inputs.pnpm-version }}
 - name: Resolve registry URL
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b96838a646..c38e6c9f67 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -39,7 +39,16 @@ updates:
 - dependency-name: 'yargs'
 update-types: ['version-update:semver-major']
 - package-ecosystem: 'github-actions'
- directory: '/'
+ directories:
+ - '/'
+ - '/.github/actions/check-pr'
+ - '/.github/actions/commit-and-tag'
+ - '/.github/actions/changesets-fixed-version-bump'
+ - '/.github/actions/merge-and-write-changelogs'
+ - '/.github/actions/get-changelog'
+ - '/.github/actions/setup'
+ - '/.github/actions/check-public-api'
+ - '/.github/actions/check-license'
 schedule:
 interval: 'weekly'
 time: '01:00'
diff --git a/.github/workflows/auto-dependabot-fix.yml b/.github/workflows/auto-dependabot-fix.yml
index 74e36b8b6c..ed2ea2492f 100644
--- a/.github/workflows/auto-dependabot-fix.yml
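Review bot: In `.github/actions/setup/action.yml`, the description of the new `allow-unsafe-pr-checkout` input ('Whether to allow checkout for pull_request_target and workflow_run') does not tell a caller what they are opting into. The same composite action takes `token` and `persist-credentials`, and the steps after the checkout (pnpm setup, registry resolution) run in that workspace, so enabling the flag can put pull-request-controlled files next to live credentials. I would spell that out, for example `description: 'Opt in to checking out pull request code under pull_request_target or workflow_run. The checked-out tree is untrusted; enable only in jobs restricted to trusted PR authors.'`. Keeping the default at `'false'` is the right choice. The `steps:` list continues past the end of the hunk.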
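Review bot: In `.github/dependabot.yml`, the new `directories:` list names each composite action by hand, so an action added later under `.github/actions/` will keep stale pinned SHAs until someone remembers to add it here. Dependabot's `directories` key accepts glob patterns, so the eight action entries could be replaced by `- '/.github/actions/*'` next to `- '/'`; it is worth confirming on the first run that the glob is honoured for the `github-actions` ecosystem. If the explicit list is preferred, a comment above it such as `# keep in sync with the directories under .github/actions/` would make the maintenance duty visible. The `updates:` entry continues outside the hunk.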
+++ b/.github/workflows/auto-dependabot-fix.yml
@@ -26,6 +26,7 @@ jobs:
 token: ${{ steps.app-token.outputs.token }}
 persist-credentials: true
 registry-token: ${{ secrets.NPM_TOKEN_ARTIFACTORY }}
+ allow-unsafe-pr-checkout: true
 - name: Commit Changes if needed
 env:
 BOT_EMAIL: ${{ vars.SAP_CLOUD_SDK_BOT_EMAIL }}
diff --git a/.github/workflows/check-pr.yml b/.github/workflows/check-pr.yml
index 63b3f58031..ca9280bfa2 100644
--- a/.github/workflows/check-pr.yml
+++ b/.github/workflows/check-pr.yml
@@ -21,7 +21,7 @@ jobs:
 with:
 files: |
 .changeset/**
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false
 sparse-checkout: |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 0915b65cb0..f717badc3a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -35,7 +35,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 # We must fetch at least the immediate parents so that if this is
 # a pull request then we can checkout the head.
diff --git a/.github/workflows/fosstars-report.yml b/.github/workflows/fosstars-report.yml
index f90ed42127..29f1570413 100644
--- a/.github/workflows/fosstars-report.yml
+++ b/.github/workflows/fosstars-report.yml
@@ -13,7 +13,7 @@ jobs:
 permissions:
 contents: write
 steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false
 - uses: SAP/fosstars-rating-core-action@daf10c3920b53405f6013ee987e7015525fdec30 # v1.14.0
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 53626a1a82..31b01a09da 100644
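Review bot: In `.github/workflows/auto-dependabot-fix.yml`, `allow-unsafe-pr-checkout: true` is enabled in the same `with:` block that sets `persist-credentials: true`, an app token and `registry-token: ${{ secrets.NPM_TOKEN_ARTIFACTORY }}`. The checked-out tree therefore shares a job with a token stored in the git config and a registry secret. The workflow trigger and any job-level `if:` are outside the hunk, so I cannot tell whether the job is already limited to Dependabot-authored pull requests. If it is not, it should be, and on a `pull_request_target` trigger the gate is better keyed on the PR author, `if: github.event.pull_request.user.login == 'dependabot[bot]'`, than on `github.actor`, which reflects whoever triggered the latest event. Once that gate exists, a comment above the new line such as `# opt-in is acceptable here: job runs only for Dependabot-authored PRs (see job-level if)` would record the reasoning for the next reviewer and for the zizmor run.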
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -42,7 +42,7 @@ jobs:
 run: |
 pnpm changeset publish
 - name: Checkout Docs
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 repository: SAP/cloud-sdk
 token: ${{ steps.app-token.outputs.token }}
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 2d502b212a..19e3ca7387 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -18,7 +18,7 @@ jobs:
 actions: read
 steps:
 - name: Checkout repository
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false