mirror of
https://github.com/ohmyzsh/ohmyzsh.git
synced 2026-03-23 12:49:50 +00:00
0da938f05f
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.15.1 to 2.16.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](58077d3c7e...fa2e9d605c)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.16.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
44 lines
1.5 KiB
YAML
44 lines
1.5 KiB
YAML
name: Update dependencies
|
|
on:
|
|
workflow_dispatch: {}
|
|
schedule:
|
|
- cron: "0 6 * * 0"
|
|
|
|
jobs:
|
|
check:
|
|
name: Check for updates
|
|
runs-on: ubuntu-latest
|
|
if: github.repository == 'ohmyzsh/ohmyzsh'
|
|
permissions:
|
|
contents: write # this is needed to push commits and branches
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Authenticate as @ohmyzsh
|
|
id: generate-token
|
|
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
|
with:
|
|
app-id: ${{ secrets.OHMYZSH_APP_ID }}
|
|
private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }}
|
|
- name: Setup Python
|
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
|
with:
|
|
python-version: "3.12"
|
|
cache: "pip"
|
|
- name: Process dependencies
|
|
env:
|
|
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
|
|
GIT_APP_NAME: ohmyzsh[bot]
|
|
GIT_APP_EMAIL: 54982679+ohmyzsh[bot]@users.noreply.github.com
|
|
TMP_DIR: ${{ runner.temp }}
|
|
run: |
|
|
pip install -r .github/workflows/dependencies/requirements.txt
|
|
python3 .github/workflows/dependencies/updater.py
|