diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1a218f5 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" # See documentation for possible values + directory: ".github/workflows" # Location of package manifests + schedule: + interval: "monthly" + groups: + actions: + patterns: + - "*" diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index a157ca6..8fe4937 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check change log entry - uses: scientific-python/action-check-changelogfile@6087eddce1d684b0132be651a4dad97699513113 # 0.2 + uses: scientific-python/action-check-changelogfile@1fc669db9618167166d5a16c10282044f51805c0 # 0.3 env: CHANGELOG_FILENAME: CHANGES.rst CHECK_MILESTONE: false diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e253d98..7325630 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,13 +22,13 @@ jobs: outputs: requirements-hash: ${{ steps.requirements-hash.outputs.hash }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - id: requirements-hash run: echo "::set-output name=hash::${{ hashFiles('**/pyproject.toml', '**/setup.*', 'tox.ini') }}" core: needs: [setup] - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 with: cache-path: ~/.cache/pip cache-key: pip-${{ needs.setup.outputs.requirements-hash }} @@ -44,7 +44,7 @@ jobs: asdf-schemas: needs: [setup] - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 with: cache-path: ~/.cache/pip cache-key: pip-${{ needs.setup.outputs.requirements-hash }} @@ -59,7 +59,7 @@ jobs: test: needs: [core, asdf-schemas] - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 with: cache-path: ~/.cache/pip cache-key: pip-${{ needs.setup.outputs.requirements-hash }} @@ -73,7 +73,7 @@ jobs: dev: needs: [core, asdf-schemas] - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 with: cache-path: ~/.cache/pip cache-key: pip-${{ needs.setup.outputs.requirements-hash }} @@ -88,7 +88,7 @@ jobs: oldest: needs: [core, asdf-schemas] - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 with: cache-path: ~/.cache/pip cache-key: pip-${{ needs.setup.outputs.requirements-hash }} @@ -103,7 +103,7 @@ jobs: wheel_building: permissions: contents: none - uses: OpenAstronomy/github-actions-workflows/.github/workflows/publish_pure_python.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/publish_pure_python.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 if: (github.event_name == 'push' || github.event_name == 'pull_request') with: upload_to_pypi: false diff --git a/.github/workflows/downstream.yml b/.github/workflows/downstream.yml index 745959f..40d9be0 100644 --- a/.github/workflows/downstream.yml +++ b/.github/workflows/downstream.yml @@ -24,7 +24,7 @@ permissions: jobs: astropy: - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 if: (github.repository == 'astropy/asdf-astropy' && (github.event_name == 'schedule' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'Downstream CI'))) with: submodules: false @@ -34,7 +34,7 @@ jobs: - linux: specutils stsci: - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 if: (github.repository == 'astropy/asdf-astropy' && (github.event_name == 'schedule' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'Downstream CI'))) with: submodules: false @@ -47,7 +47,7 @@ jobs: - linux: roman_datamodels third-party: - uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 if: (github.repository == 'astropy/asdf-astropy' && (github.event_name == 'schedule' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'Downstream CI'))) with: submodules: false diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index e509509..7ae17e2 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: none if: (github.event_name == 'release') - uses: OpenAstronomy/github-actions-workflows/.github/workflows/publish_pure_python.yml@v1 + uses: OpenAstronomy/github-actions-workflows/.github/workflows/publish_pure_python.yml@924441154cf3053034c6513d5e06c69d262fb9a6 # v1.13.0 with: upload_to_pypi: true test_extras: test