diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4931eea..a31319f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,7 +4,7 @@ concurrency: jobs: ci: name: CI - uses: praw-dev/.github/.github/workflows/ci.yml@9ff8957d0cab4cf8c9d7cb5592aedb3d456cc058 # v1.4.0 + uses: praw-dev/.github/.github/workflows/ci.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0 with: min_python: "3.10" python_versions: '["3.10", "3.11", "3.12", "3.13", "3.14"]' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..0c77806 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,15 @@ +concurrency: + group: lint-${{ github.ref }} + cancel-in-progress: true +jobs: + lint: + name: Lint workflows + permissions: + contents: read # required to check out the repository + uses: praw-dev/.github/.github/workflows/lint.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0 +name: Lint workflows +on: + pull_request: + push: + branches: ["main"] +permissions: {} diff --git a/.github/workflows/pre-commit_autoupdate.yml b/.github/workflows/pre-commit_autoupdate.yml index 8ecd1df..6d4b279 100644 --- a/.github/workflows/pre-commit_autoupdate.yml +++ b/.github/workflows/pre-commit_autoupdate.yml @@ -4,7 +4,7 @@ jobs: secrets: APP_ID: ${{ secrets.APP_ID }} APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} - uses: praw-dev/.github/.github/workflows/pre-commit_autoupdate.yml@9ff8957d0cab4cf8c9d7cb5592aedb3d456cc058 # v1.4.0 + uses: praw-dev/.github/.github/workflows/pre-commit_autoupdate.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0 name: Update pre-commit hooks on: schedule: diff --git a/.github/workflows/prepare_release.yml b/.github/workflows/prepare_release.yml index b9f0db9..d1d3603 100644 --- a/.github/workflows/prepare_release.yml +++ b/.github/workflows/prepare_release.yml @@ -13,7 +13,7 @@ jobs: secrets: APP_ID: ${{ secrets.APP_ID }} APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} - uses: praw-dev/.github/.github/workflows/prepare_release.yml@9ff8957d0cab4cf8c9d7cb5592aedb3d456cc058 # v1.4.0 + uses: praw-dev/.github/.github/workflows/prepare_release.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0 with: package: codesorter version: ${{ inputs.version }} diff --git a/.github/workflows/stale_action.yml b/.github/workflows/stale_action.yml index 944df2c..fc7987c 100644 --- a/.github/workflows/stale_action.yml +++ b/.github/workflows/stale_action.yml @@ -1,12 +1,13 @@ jobs: stale_action: name: Close stale issues and PRs - uses: praw-dev/.github/.github/workflows/stale_action.yml@9ff8957d0cab4cf8c9d7cb5592aedb3d456cc058 # v1.4.0 + permissions: + issues: write # required to comment on and close stale issues + pull-requests: write # required to comment on and close stale PRs + uses: praw-dev/.github/.github/workflows/stale_action.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0 name: Close stale issues and PRs on: schedule: - cron: 0 */6 * * * workflow_dispatch: -permissions: - issues: write - pull-requests: write +permissions: {} diff --git a/.github/workflows/tag_release.yml b/.github/workflows/tag_release.yml index ca406a9..b9b283e 100644 --- a/.github/workflows/tag_release.yml +++ b/.github/workflows/tag_release.yml @@ -2,9 +2,10 @@ name: Tag Release on: push: branches: [main] -permissions: - contents: write +permissions: {} jobs: tag_release: name: Tag Release - uses: praw-dev/.github/.github/workflows/tag_release.yml@9ff8957d0cab4cf8c9d7cb5592aedb3d456cc058 # v1.4.0 + permissions: + contents: write # required to push the release tag + uses: praw-dev/.github/.github/workflows/tag_release.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0