diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b843c155..eb918eb6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,10 +24,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v6 - - uses: pnpm/action-setup@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0 - name: Use Node.js 24 - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 24 # NPM v11.5.1 or later is required for OIDC, which ships with node v24 cache: pnpm @@ -42,8 +42,8 @@ jobs: name: REUSE-3.2 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: fsfe/reuse-action@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0 test: name: Test @@ -52,11 +52,11 @@ jobs: node-version: [20, 22, 24, latest] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: pnpm/action-setup@v4 - - uses: oven-sh/setup-bun@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0 + - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ matrix.node-version }} cache: pnpm @@ -85,12 +85,12 @@ jobs: name: Build and release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: pnpm/action-setup@v4 + - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0 - name: Setup node - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 24 cache: pnpm @@ -106,7 +106,7 @@ jobs: - name: Create Release Pull Request or Publish to npm id: changesets - uses: changesets/action@v1 + uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf # v1.7.0 with: publish: pnpm ci:publish env: diff --git a/.github/workflows/pin-check.yaml b/.github/workflows/pin-check.yaml new file mode 100644 index 00000000..f9bcc6e0 --- /dev/null +++ b/.github/workflows/pin-check.yaml @@ -0,0 +1,16 @@ +name: Pin Check +on: + workflow_dispatch: + pull_request: { paths: [.github/**] } +permissions: + contents: read +jobs: + pin-check: + name: Pin Check + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - name: Pin Check + uses: suzuki-shunsuke/pinact-action@cf51507d80d4d6522a07348e3d58790290eaf0b6 # v2.0.0 + with: { skip_push: true } \ No newline at end of file diff --git a/renovate.json b/renovate.json index 645f2001..8fc90b9a 100644 --- a/renovate.json +++ b/renovate.json @@ -2,6 +2,7 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:base"], "rangeStrategy": "auto", + "minimumReleaseAge": "2 weeks", "packageRules": [ { "schedule": "on the first day of the month", @@ -12,7 +13,8 @@ { "matchPackagePrefixes": ["@livekit", "livekit-"], "matchUpdateTypes": ["patch", "minor"], - "groupName": "Update LiveKit dependencies (non-major)" + "groupName": "Update LiveKit dependencies (non-major)", + "minimumReleaseAge": null }, { "matchPackagePrefixes": ["typescript"],