diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 40084a4c37c..37c2e43bba5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -24,3 +24,5 @@ updates: labels: - "maintenance" - "skip-changelog" + cooldown: + default-days: 7 diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 0d9906fede7..f5eb6068fe3 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -36,7 +36,7 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 diff --git a/.github/workflows/cache_data.yaml b/.github/workflows/cache_data.yaml index 752fec43125..6b2d07fe656 100644 --- a/.github/workflows/cache_data.yaml +++ b/.github/workflows/cache_data.yaml @@ -38,7 +38,7 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: # Upload the downloaded files as artifacts to GitHub - name: Upload artifacts to GitHub - uses: actions/upload-artifact@v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: gmt-cache include-hidden-files: true diff --git a/.github/workflows/cache_dvc.yaml b/.github/workflows/cache_dvc.yaml index f5a0dc2ce82..06e6185d754 100644 --- a/.github/workflows/cache_dvc.yaml +++ b/.github/workflows/cache_dvc.yaml @@ -29,13 +29,14 @@ jobs: dvc_cache: name: Cache DVC baseline images runs-on: ubuntu-slim + environment: pr-tests defaults: run: shell: bash -l {0} steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 @@ -52,7 +53,7 @@ jobs: dvc pull --no-run-cache --verbose && ls -lhR pygmt/tests/baseline/ - name: Upload DVC cache as artifacts to GitHub - uses: actions/upload-artifact@v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: dvc-cache include-hidden-files: true diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index f4e18cc28fc..6e2b467f127 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -26,13 +26,13 @@ jobs: steps: - name: Checkout the repository - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: path: repository persist-credentials: false - name: Checkout the documentation - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: gh-pages path: documentation diff --git a/.github/workflows/ci_docs.yml b/.github/workflows/ci_docs.yml index fc331552294..a561db1e151 100644 --- a/.github/workflows/ci_docs.yml +++ b/.github/workflows/ci_docs.yml @@ -72,7 +72,7 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 @@ -150,7 +150,7 @@ jobs: cd ../.. - name: Upload PDF as artifact for previewing on pull requests - uses: actions/upload-artifact@v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: github.event_name == 'pull_request' && matrix.os == 'ubuntu-latest' with: name: artifact-pygmt-docs-pdf @@ -168,7 +168,7 @@ jobs: REF_NAME: ${{ github.ref_name }} - name: Checkout the gh-pages branch - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: gh-pages # Checkout to this folder instead of the current one diff --git a/.github/workflows/ci_doctests.yaml b/.github/workflows/ci_doctests.yaml index 43b0fa28eb1..40efc0ec396 100644 --- a/.github/workflows/ci_doctests.yaml +++ b/.github/workflows/ci_doctests.yaml @@ -37,7 +37,7 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 948a05c0cc1..c7bb21bd415 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -107,7 +107,7 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 @@ -193,7 +193,7 @@ jobs: # Upload diff images on test failure - name: Upload diff images if any test fails - uses: actions/upload-artifact@v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: failure() with: name: artifact-${{ matrix.os }}-${{ matrix.python-version }} diff --git a/.github/workflows/ci_tests_dev.yaml b/.github/workflows/ci_tests_dev.yaml index e311b43d9cb..87ea333ce03 100644 --- a/.github/workflows/ci_tests_dev.yaml +++ b/.github/workflows/ci_tests_dev.yaml @@ -34,6 +34,7 @@ jobs: test_gmt_dev: name: ${{ matrix.os }} - GMT ${{ matrix.gmt_git_ref }} runs-on: ${{ matrix.os }} + environment: pr-tests if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run/test-gmt-dev') strategy: fail-fast: false @@ -48,7 +49,7 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 @@ -94,7 +95,7 @@ jobs: # Checkout current GMT repository - name: Checkout the GMT source from ${{ matrix.gmt_git_ref }} branch - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: 'GenericMappingTools/gmt' ref: ${{ matrix.gmt_git_ref }} @@ -187,7 +188,7 @@ jobs: # Upload diff images on test failure - name: Upload diff images if any test fails - uses: actions/upload-artifact@v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: ${{ failure() }} with: name: artifact-${{ matrix.os }}-GMT-${{ matrix.gmt_git_ref }} diff --git a/.github/workflows/ci_tests_legacy.yaml b/.github/workflows/ci_tests_legacy.yaml index 7ef03db1bec..ae3b9ebecb9 100644 --- a/.github/workflows/ci_tests_legacy.yaml +++ b/.github/workflows/ci_tests_legacy.yaml @@ -46,7 +46,7 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 diff --git a/.github/workflows/dvc-diff.yml b/.github/workflows/dvc-diff.yml index 62c5de36db1..d611238afb6 100644 --- a/.github/workflows/dvc-diff.yml +++ b/.github/workflows/dvc-diff.yml @@ -22,10 +22,11 @@ jobs: dvc-diff: name: DVC image diff runs-on: ubuntu-slim + environment: pr-tests steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that dvc diff works fetch-depth: 0 diff --git a/.github/workflows/format-command.yml b/.github/workflows/format-command.yml index 25b54d2b3b3..3020599e50a 100644 --- a/.github/workflows/format-command.yml +++ b/.github/workflows/format-command.yml @@ -12,19 +12,20 @@ permissions: {} jobs: format: + environment: pr-tests permissions: contents: write # for Git to git push runs-on: ubuntu-slim steps: # Generate token from GenericMappingTools bot - - uses: actions/create-github-app-token@v3.0.0 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: generate-token with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} # Checkout the pull request branch - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ steps.generate-token.outputs.token }} repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} @@ -33,10 +34,10 @@ jobs: # Setup Python environment - name: Set up Python and install dependencies - uses: actions/setup-python@v6.2.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.14' - pip-install: ruff prek + pip-install: ruff prek # zizmor: ignore[misfeature] - name: List installed packages run: python -m pip list diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index 90050ad5096..8dea00aa0d9 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -43,17 +43,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # fetch all history so that setuptools-scm works fetch-depth: 0 persist-credentials: false - name: Set up Python and install dependencies - uses: actions/setup-python@v6.2.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.14' - pip-install: build + pip-install: build # zizmor: ignore[misfeature] # This step is only necessary for testing purposes and for TestPyPI - name: Fix up version string for TestPyPI @@ -72,7 +72,7 @@ jobs: ls -lh dist/ - name: Store the distribution packages - uses: actions/upload-artifact@v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: python-package-distributions path: dist/ @@ -91,7 +91,7 @@ jobs: steps: - name: Download all the dists - uses: actions/download-artifact@v8.0.1 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: python-package-distributions path: dist/ @@ -115,7 +115,7 @@ jobs: steps: - name: Download all the dists - uses: actions/download-artifact@v8.0.1 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: python-package-distributions path: dist/ diff --git a/.github/workflows/release-baseline-images.yml b/.github/workflows/release-baseline-images.yml index c42a2dba895..b0956ffe1ea 100644 --- a/.github/workflows/release-baseline-images.yml +++ b/.github/workflows/release-baseline-images.yml @@ -15,6 +15,7 @@ jobs: upload-baseline: name: Upload baseline images runs-on: ubuntu-slim + environment: pr-tests if: github.repository == 'GenericMappingTools/pygmt' permissions: @@ -23,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/style_checks.yaml b/.github/workflows/style_checks.yaml index bba294500a6..043a6bcc44d 100644 --- a/.github/workflows/style_checks.yaml +++ b/.github/workflows/style_checks.yaml @@ -26,15 +26,15 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up Python and install dependencies - uses: actions/setup-python@v6.2.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.14' - pip-install: ruff prek + pip-install: ruff prek # zizmor: ignore[misfeature] - name: List installed packages run: python -m pip list diff --git a/.github/workflows/type_checks.yml b/.github/workflows/type_checks.yml index 2256d2c64f1..29f75a63871 100644 --- a/.github/workflows/type_checks.yml +++ b/.github/workflows/type_checks.yml @@ -35,20 +35,20 @@ jobs: steps: # Checkout current git repository - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false # Setup Python - name: Set up Python - uses: actions/setup-python@v6.2.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.14' # Need to install following packages: # 1. required packages # 2. type checker and stub packages # 3. other packages that are used somewhere in PyGMT - pip-install: | + pip-install: | # zizmor: ignore[misfeature] numpy pandas xarray packaging mypy pandas-stubs pyarrow-stubs diff --git a/.github/workflows/welcome.yml b/.github/workflows/welcome.yml index 76f11dbec18..bbcc5246c08 100644 --- a/.github/workflows/welcome.yml +++ b/.github/workflows/welcome.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-slim steps: - - uses: actions/first-interaction@v3.1.0 + - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0 with: issue_message: | 👋 Thanks for opening your first issue here! diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 46f8b949f93..4cedd9b47b8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,6 +16,6 @@ repos: - id: chmod args: ["644"] - repo: https://github.com/zizmorcore/zizmor-pre-commit - rev: v1.19.0 + rev: v1.23.1 hooks: - id: zizmor