From ec165e29a109590df6d5fa87f52dfb4a4b147106 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 02:11:30 +0000 Subject: [PATCH] =?UTF-8?q?=E2=AC=86=EF=B8=8F(dependencies)=20Pin=20depend?= =?UTF-8?q?encies?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/crowdin_download.yml | 8 ++--- .github/workflows/crowdin_upload.yml | 12 ++++---- .github/workflows/dependencies.yml | 16 +++++----- .github/workflows/docker-hub.yml | 2 +- .github/workflows/docker-publish.yml | 14 ++++----- .github/workflows/e2e-tests.yml | 30 +++++++++---------- .github/workflows/ghcr.yml | 36 +++++++++++------------ .github/workflows/helmfile-linter.yaml | 2 +- .github/workflows/impress-frontend.yml | 36 +++++++++++------------ .github/workflows/impress.yml | 24 +++++++-------- .github/workflows/label_preview.yml | 2 +- .github/workflows/release-helm-chart.yaml | 6 ++-- 12 files changed, 94 insertions(+), 94 deletions(-) diff --git a/.github/workflows/crowdin_download.yml b/.github/workflows/crowdin_download.yml index 04897ac2b..3f875ca45 100644 --- a/.github/workflows/crowdin_download.yml +++ b/.github/workflows/crowdin_download.yml @@ -23,7 +23,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Create empty source files run: | touch src/backend/locale/django.pot @@ -31,7 +31,7 @@ jobs: touch src/frontend/packages/i18n/locales/impress/translations-crowdin.json # crowdin workflow - name: crowdin action - uses: crowdin/github-action@v2 + uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2 with: config: crowdin/config.yml upload_sources: false @@ -51,7 +51,7 @@ jobs: CROWDIN_BASE_PATH: "../src/" # frontend i18n - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} @@ -61,7 +61,7 @@ jobs: run: yarn i18n:deploy # Create a new PR - name: Create a new Pull Request with new translated strings - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8 with: commit-message: | 🌐(i18n) update translated strings diff --git a/.github/workflows/crowdin_upload.yml b/.github/workflows/crowdin_upload.yml index 3eadde5e4..bdca376bd 100644 --- a/.github/workflows/crowdin_upload.yml +++ b/.github/workflows/crowdin_upload.yml @@ -23,12 +23,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # Backend i18n - name: Install Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: - python-version: "3.13.3" + python-version: "3.14.4" cache: "pip" - name: Upgrade pip and setuptools run: pip install --upgrade pip setuptools @@ -36,7 +36,7 @@ jobs: run: pip install --user . working-directory: src/backend - name: Restore the mail templates - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 id: mail-templates with: path: "src/backend/core/templates/mail" @@ -52,7 +52,7 @@ jobs: DJANGO_CONFIGURATION=Build python manage.py makemessages -a --keep-pot # frontend i18n - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} @@ -62,7 +62,7 @@ jobs: run: yarn i18n:extract # crowdin workflow - name: crowdin action - uses: crowdin/github-action@v2 + uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2 with: config: crowdin/config.yml upload_sources: true diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 21b8efb48..e2f24474b 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -23,16 +23,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 id: front-node_modules with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} - name: Setup Node.js if: steps.front-node_modules.outputs.cache-hit != 'true' - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: ${{ inputs.node_version }} - name: Install dependencies @@ -40,7 +40,7 @@ jobs: run: cd src/frontend/ && yarn install --frozen-lockfile - name: Cache install frontend if: steps.front-node_modules.outputs.cache-hit != 'true' - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} @@ -53,10 +53,10 @@ jobs: working-directory: src/mail steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Restore the mail templates - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 id: mail-templates with: path: "src/backend/core/templates/mail" @@ -64,7 +64,7 @@ jobs: - name: Setup Node.js if: steps.mail-templates.outputs.cache-hit != 'true' - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: ${{ inputs.node_version }} @@ -82,7 +82,7 @@ jobs: - name: Cache mail templates if: steps.mail-templates.outputs.cache-hit != 'true' - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/backend/core/templates/mail" key: mail-templates-${{ hashFiles('src/mail/mjml') }} diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index 7ca81c66c..b0a5aed25 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -68,7 +68,7 @@ jobs: runs-on: ubuntu-latest if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') steps: - - uses: numerique-gouv/action-argocd-webhook-notification@main + - uses: numerique-gouv/action-argocd-webhook-notification@cac2ee67896eb13e84e804f60c4271370424eaa8 # main id: notify with: deployment_repo_path: "${{ secrets.DEPLOYMENT_REPO_URL }}" diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 5a9cf005c..e8dffe742 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -47,20 +47,20 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Login to DockerHub if: ${{ inputs.should_push }} - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 with: images: ${{ inputs.image_name }} - name: Generate platform-specific tags @@ -87,7 +87,7 @@ jobs: # trivyignores: ./.github/.trivyignore - name: Build and push (amd64) if: ${{ inputs.should_push }}||${{ vars.TRIVY_SCAN_ENABLED }} != 'true' - uses: docker/build-push-action@v6 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: ${{ inputs.context }} file: ${{ inputs.file }} @@ -102,7 +102,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Build and push (arm64) if: ${{ inputs.should_push }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: ${{ inputs.context }} file: ${{ inputs.file }} diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index c566b5fb2..371d38d4f 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -36,15 +36,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: - node-version: "22.x" + node-version: "24.x" - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} @@ -52,7 +52,7 @@ jobs: - name: Restore Playwright browsers cache id: playwright-cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ~/.cache/ms-playwright key: playwright-${{ runner.os }}-${{ hashFiles('src/frontend/yarn.lock', 'src/frontend/apps/e2e/yarn.lock') }} @@ -67,7 +67,7 @@ jobs: - name: Save Playwright browsers cache if: steps.playwright-cache.outputs.cache-hit != 'true' - uses: actions/cache/save@v4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ~/.cache/ms-playwright key: ${{ steps.playwright-cache.outputs.cache-primary-key }} @@ -78,15 +78,15 @@ jobs: timeout-minutes: ${{ inputs.timeout-minutes }} steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: - node-version: "22.x" + node-version: "24.x" - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} @@ -96,7 +96,7 @@ jobs: run: cat env.d/development/common.e2e >> env.d/development/common.local - name: Restore Playwright browsers cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ~/.cache/ms-playwright key: playwright-${{ runner.os }}-${{ hashFiles('src/frontend/yarn.lock', 'src/frontend/apps/e2e/yarn.lock') }} @@ -111,7 +111,7 @@ jobs: - name: Restore last-run cache if: ${{ github.run_attempt > 1 }} id: restore-last-run - uses: actions/cache/restore@v4 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: src/frontend/apps/e2e/test-results/.last-run.json key: playwright-last-run-${{ github.run_id }}-${{ inputs.browser-name }} @@ -138,14 +138,14 @@ jobs: - name: Save last-run cache if: always() - uses: actions/cache/save@v4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: src/frontend/apps/e2e/test-results/.last-run.json key: playwright-last-run-${{ github.run_id }}-${{ inputs.browser-name }} - name: Upload last-run artifact if: always() - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: playwright-instance-last-run-${{ inputs.browser-name }} path: src/frontend/apps/e2e/test-results/.last-run.json @@ -153,7 +153,7 @@ jobs: if-no-files-found: warn retention-days: 7 - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 if: always() with: name: playwright-${{ inputs.browser-name }}-report diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml index c6796f6a3..ac2fb71d0 100644 --- a/.github/workflows/ghcr.yml +++ b/.github/workflows/ghcr.yml @@ -25,14 +25,14 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 with: images: ${{ env.REGISTRY }}/${{ github.repository }}/backend tags: | @@ -42,13 +42,13 @@ jobs: type=semver,pattern={{major}}.{{minor}} type=sha - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . target: backend-production @@ -71,14 +71,14 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 with: images: ${{ env.REGISTRY }}/${{ github.repository }}/frontend tags: | @@ -88,13 +88,13 @@ jobs: type=semver,pattern={{major}}.{{minor}} type=sha - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: ./src/frontend/Dockerfile @@ -120,14 +120,14 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 with: images: ${{ env.REGISTRY }}/${{ github.repository }}/y-provider tags: | @@ -137,13 +137,13 @@ jobs: type=semver,pattern={{major}}.{{minor}} type=sha - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: ./src/frontend/servers/y-provider/Dockerfile diff --git a/.github/workflows/helmfile-linter.yaml b/.github/workflows/helmfile-linter.yaml index c598029f6..793425e71 100644 --- a/.github/workflows/helmfile-linter.yaml +++ b/.github/workflows/helmfile-linter.yaml @@ -15,7 +15,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Helmfile lint shell: bash diff --git a/.github/workflows/impress-frontend.yml b/.github/workflows/impress-frontend.yml index e786be76c..d50db3d2b 100644 --- a/.github/workflows/impress-frontend.yml +++ b/.github/workflows/impress-frontend.yml @@ -26,15 +26,15 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: - node-version: "22.x" + node-version: "24.x" - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} @@ -50,14 +50,14 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: - node-version: "22.x" + node-version: "24.x" - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} @@ -91,11 +91,11 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Detect relevant changes id: changes - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4 with: filters: | lock: @@ -104,7 +104,7 @@ jobs: - 'src/frontend/apps/impress/**' - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} @@ -112,13 +112,13 @@ jobs: - name: Setup Node.js if: steps.changes.outputs.lock == 'true' || steps.changes.outputs.app == 'true' - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: - node-version: "22.x" + node-version: "24.x" - name: Check bundle size changes if: steps.changes.outputs.lock == 'true' || steps.changes.outputs.app == 'true' - uses: preactjs/compressed-size-action@v2 + uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" build-script: "app:build" @@ -139,14 +139,14 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: - node-version: "22.x" + node-version: "24.x" - name: Restore the frontend cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: "src/frontend/**/node_modules" key: front-node_modules-${{ hashFiles('src/frontend/**/yarn.lock') }} diff --git a/.github/workflows/impress.yml b/.github/workflows/impress.yml index cd7dc2929..7f9b39195 100644 --- a/.github/workflows/impress.yml +++ b/.github/workflows/impress.yml @@ -22,7 +22,7 @@ jobs: if: github.event_name == 'pull_request' # Makes sense only for pull requests steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: show @@ -49,7 +49,7 @@ jobs: github.event_name == 'pull_request' steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 50 - name: Check that the CHANGELOG has been modified in the current branch @@ -59,7 +59,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Check CHANGELOG max line length run: | max_line_length=$(cat CHANGELOG.md | grep -Ev "^\[.*\]: https://github.com" | wc -L) @@ -73,7 +73,7 @@ jobs: if: github.event_name == 'pull_request' steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install codespell run: pip install --user codespell - name: Check for typos @@ -95,11 +95,11 @@ jobs: working-directory: src/backend steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: - python-version: "3.13.3" + python-version: "3.14.4" cache: "pip" - name: Upgrade pip and setuptools run: pip install --upgrade pip setuptools @@ -122,7 +122,7 @@ jobs: services: postgres: - image: postgres:16 + image: postgres:18 env: POSTGRES_DB: impress POSTGRES_USER: dinum @@ -149,7 +149,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Create writable /data run: | @@ -157,7 +157,7 @@ jobs: sudo mkdir -p /data/static - name: Restore the mail templates - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 id: mail-templates with: path: "src/backend/core/templates/mail" @@ -193,9 +193,9 @@ jobs: mc version enable impress/impress-media-storage" - name: Install Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: - python-version: "3.13.3" + python-version: "3.14.4" cache: "pip" - name: Install development dependencies diff --git a/.github/workflows/label_preview.yml b/.github/workflows/label_preview.yml index 2f1ebf7b2..73295475a 100644 --- a/.github/workflows/label_preview.yml +++ b/.github/workflows/label_preview.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: contains(github.event.pull_request.labels.*.name, 'preview') steps: - - uses: thollander/actions-comment-pull-request@v3 + - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3 with: message: | :rocket: Preview will be available at [https://${{ github.event.pull_request.number }}-docs.ppr-docs.beta.numerique.gouv.fr/](https://${{ github.event.pull_request.number }}-docs.ppr-docs.beta.numerique.gouv.fr/) diff --git a/.github/workflows/release-helm-chart.yaml b/.github/workflows/release-helm-chart.yaml index 693552e1c..fe90a0cc0 100644 --- a/.github/workflows/release-helm-chart.yaml +++ b/.github/workflows/release-helm-chart.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -23,12 +23,12 @@ jobs: run: rm -rf ./src/helm/extra - name: Install Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Publish Helm charts - uses: numerique-gouv/helm-gh-pages@add-overwrite-option + uses: numerique-gouv/helm-gh-pages@2cf477ae49d7c70037ceb1685803f4f7bad9b981 # add-overwrite-option with: charts_dir: ./src/helm token: ${{ secrets.GITHUB_TOKEN }}