diff --git a/.github/workflows/build-api.yml b/.github/workflows/build-api.yml index 82c09249..d2e112f2 100644 --- a/.github/workflows/build-api.yml +++ b/.github/workflows/build-api.yml @@ -26,18 +26,18 @@ jobs: run: working-directory: ${{ env.PACKAGE_DIR }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 - name: Build wheel & sdist run: | pip3 install build wheel python3 -m build --wheel --sdist - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: api-release path: | @@ -52,12 +52,12 @@ jobs: id-token: write if: startsWith(github.ref, 'refs/tags/api-v') && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: api-release path: dist - - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 docs: needs: [publish] diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index 40ddc14a..d358a164 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: recursive diff --git a/.github/workflows/build-protocol.yml b/.github/workflows/build-protocol.yml index 21357a68..b6cd615f 100644 --- a/.github/workflows/build-protocol.yml +++ b/.github/workflows/build-protocol.yml @@ -28,15 +28,15 @@ jobs: run: working-directory: ${{ env.PACKAGE_DIR }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true ref: ${{ github.event.pull_request.head.ref }} - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 - name: Install Protoc - uses: arduino/setup-protoc@v3 + uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3 with: version: "25.1" repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -45,7 +45,7 @@ jobs: run: ./generate_proto.sh - name: Add changes - uses: EndBug/add-and-commit@v9 + uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 with: add: '["livekit-protocol/"]' default_author: github_actions @@ -58,18 +58,18 @@ jobs: run: working-directory: ${{ env.PACKAGE_DIR }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 - name: Build wheel & sdist run: | pip3 install build wheel python3 -m build --wheel --sdist - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: protocol-release path: | @@ -84,12 +84,12 @@ jobs: id-token: write if: startsWith(github.ref, 'refs/tags/protocol-v') && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: protocol-release path: dist - - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 docs: needs: [publish] diff --git a/.github/workflows/build-rtc.yml b/.github/workflows/build-rtc.yml index 987a7fa5..9b721bb8 100644 --- a/.github/workflows/build-rtc.yml +++ b/.github/workflows/build-rtc.yml @@ -28,15 +28,15 @@ jobs: run: working-directory: ${{ env.PACKAGE_DIR }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: submodules: true ref: ${{ github.event.pull_request.head.ref }} - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 - name: Install Protoc - uses: arduino/setup-protoc@v3 + uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3 with: version: "25.1" repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -49,7 +49,7 @@ jobs: run: ./generate_proto.sh - name: Add changes - uses: EndBug/add-and-commit@v9 + uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 with: add: '["livekit-rtc/"]' default_author: github_actions @@ -75,11 +75,11 @@ jobs: run: working-directory: ${{ env.PACKAGE_DIR }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 id: setup-python with: python-version: "3.11" @@ -89,7 +89,7 @@ jobs: env: CIBW_ARCHS: ${{ matrix.archs }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: rtc-release-${{ matrix.os }} path: livekit-rtc/dist/*.whl @@ -101,7 +101,7 @@ jobs: run: working-directory: ${{ env.PACKAGE_DIR }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true @@ -110,7 +110,7 @@ jobs: pip3 install build python3 -m build --sdist - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: rtc-release-sdist path: livekit-rtc/dist/*.tar.gz @@ -180,13 +180,13 @@ jobs: id-token: write if: startsWith(github.ref, 'refs/tags/rtc-v') && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: pattern: rtc-release-* path: dist merge-multiple: true - - uses: pypa/gh-action-pypi-publish@release/v1 + - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 docs: needs: [publish] diff --git a/.github/workflows/check-types.yml b/.github/workflows/check-types.yml index 1e8c8bbd..631c22d2 100644 --- a/.github/workflows/check-types.yml +++ b/.github/workflows/check-types.yml @@ -13,17 +13,17 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: recursive - name: Set up Python 3.9 - uses: actions/setup-python@v2 + uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2 with: python-version: 3.9 - name: Install uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 with: enable-cache: true cache-dependency-glob: "uv.lock" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 84a8110a..9687bc5e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -47,7 +47,7 @@ jobs: if: github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ inputs.branch }} submodules: true @@ -66,7 +66,7 @@ jobs: fi - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: "3.10" @@ -182,7 +182,7 @@ jobs: needs: detect runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.merge_commit_sha }} @@ -217,11 +217,11 @@ jobs: run: working-directory: ./livekit-rtc steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 id: setup-python with: python-version: "3.11" @@ -231,7 +231,7 @@ jobs: env: CIBW_ARCHS: ${{ matrix.archs }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: dist-rtc-${{ matrix.os }} path: livekit-rtc/dist/*.whl @@ -245,7 +245,7 @@ jobs: run: working-directory: ./livekit-rtc steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true @@ -254,7 +254,7 @@ jobs: pip3 install build python3 -m build --sdist - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: dist-rtc-sdist path: livekit-rtc/dist/*.tar.gz @@ -269,7 +269,7 @@ jobs: id-token: write steps: - name: Download build artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: pattern: dist-rtc-* path: dist @@ -279,7 +279,7 @@ jobs: run: ls -la dist/ - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 # ── API build ──────────────────────────────────────────────── build-api: @@ -291,18 +291,18 @@ jobs: run: working-directory: ./livekit-api steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 - name: Build wheel & sdist run: | pip3 install build wheel python3 -m build --wheel --sdist - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: dist-api path: | @@ -319,7 +319,7 @@ jobs: id-token: write steps: - name: Download build artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: dist-api path: dist/ @@ -328,7 +328,7 @@ jobs: run: ls -la dist/ - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 # ── Protocol build ─────────────────────────────────────────── build-protocol: @@ -340,18 +340,18 @@ jobs: run: working-directory: ./livekit-protocol steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true - - uses: actions/setup-python@v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 - name: Build wheel & sdist run: | pip3 install build wheel python3 -m build --wheel --sdist - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: dist-protocol path: | @@ -368,7 +368,7 @@ jobs: id-token: write steps: - name: Download build artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: dist-protocol path: dist/ @@ -377,7 +377,7 @@ jobs: run: ls -la dist/ - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 # ── Docs ───────────────────────────────────────────────────── docs-rtc: diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml index 67cbe491..983dca8a 100644 --- a/.github/workflows/ruff.yml +++ b/.github/workflows/ruff.yml @@ -4,13 +4,13 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 with: python-version: "3.9" - name: Install uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 with: enable-cache: true cache-dependency-glob: "uv.lock" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 632918f6..5834e804 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -32,32 +32,32 @@ jobs: name: Test (${{ inputs.os }}, Python ${{ inputs.python-version }}) runs-on: ${{ inputs.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: true lfs: true - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: ${{ inputs.python-version }} allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 with: enable-cache: true cache-dependency-glob: "uv.lock" - name: Download livekit-rtc wheel (current run) if: ${{ inputs.run-id == '' }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: ${{ inputs.artifact-name }} path: rtc-wheel - name: Download livekit-rtc wheel (from specific run) if: ${{ inputs.run-id != '' }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: ${{ inputs.artifact-name }} path: rtc-wheel diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..acb6fa52 --- /dev/null +++ b/renovate.json @@ -0,0 +1,16 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:base", "helpers:pinGitHubActionDigests"], + "minimumReleaseAge": "2 weeks", + "commitBody": "Generated by renovateBot", + "packageRules": [ + { + "matchManagers": ["github-actions"], + "groupName": "github workflows" + }, + { + "matchManagers": ["pip_requirements", "pip_setup", "pep621"], + "groupName": "python deps" + } + ] +}