diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9d1eded..325b0f5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,8 @@ updates: directory: "/" # Location of package manifests schedule: interval: "monthly" + cooldown: + default-days: 7 - package-ecosystem: "github-actions" directory: "/" schedule: @@ -15,3 +17,5 @@ updates: actions: patterns: - "*" + cooldown: + default-days: 7 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 84a7b2d..cee1dee 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,6 +6,9 @@ on: - main pull_request: +permissions: + contents: read + defaults: run: shell: bash -l {0} @@ -31,10 +34,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + with: + persist-credentials: false - name: Setup Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 75e4c5d..1eb7b94 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -16,10 +16,12 @@ jobs: permissions: id-token: write steps: - - uses: actions/checkout@v5 - + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + with: + persist-credentials: false + - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: '3.x' - name: Install dependencies @@ -31,7 +33,7 @@ jobs: - name: Install built wheel run: pip install dist/*.whl - name: Echo current tag - run: echo ${{ github.ref }} + run: echo "$GITHUB_REF" - name: Get package version run: | export PACKAGE_VERSION=$(python -c 'import matplotlib_inline; print(matplotlib_inline.__version__)')