Commit Graph

4 Commits

Author SHA1 Message Date
zeertzjq
1244fe157f vim-patch:ecf90b9: CI: make dependabot monitor .github/actions directory (#38383)
and also set `cooldown`, `groups`

related: vim/vim#19747
closes:  vim/vim#19756

ecf90b92f1

Co-authored-by: ichizok <gclient.gaap@gmail.com>
2026-03-20 17:02:21 +08:00
Daniel Hast
d1314018cc ci: pin third-party action dependencies to commit hashes
This improves CI security by ensuring that action dependencies cannot be
changed by upstream repositories without updating the use of the
dependency in this repo.

Official GitHub-maintained actions are excluded from this requirement
and are left pinned by a tag instead of a commit hash. This action
dependency pinning policy is codified in `.github/zizmor.yml` so that
Zizmor (a static analysis tool for GitHub Actions) doesn't flag these as
unpinned dependencies.

Also add cooldown timer for Dependabot. This fixes these two Zizmor
audits:
* https://docs.zizmor.sh/audits/#dependabot-cooldown
* https://docs.zizmor.sh/audits/#unpinned-uses
2026-03-09 21:36:20 -04:00
dundargoc
a478fd4175 ci: use "ci" as the commit type for dependabot updates 2023-03-24 05:39:18 +01:00
Vedant
96b6b27f74 ci: add dependabot to auto-update github actions (#22341)
This will ensure we don't accidentally have outdated actions.
2023-02-20 22:24:27 +01:00
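
An added example (not code from this repository or from any commit listed here) of a check for the pinning policy described in commit d1314018cc: third-party actions must be pinned to a full commit hash, while GitHub-maintained actions may stay on a tag. The owner allow-list (`actions`, `github`) is an assumption, since the commit message does not name the owners it treats as official, and the sample workflow is constructed.

```python
import re

# Assumption: owners treated as "official GitHub-maintained"; the commit does not list them.
TAG_OK_OWNERS = {"actions", "github"}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_uses(workflow_text):
    """Return (line_no, reference, reason) for every `uses:` that breaks the policy."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions (./path) and docker:// images are outside this policy.
        if ref.startswith(("./", "docker://")):
            continue
        target, sep, rev = ref.partition("@")
        owner = target.split("/", 1)[0].lower()
        if not sep or not rev:
            findings.append((no, ref, "no ref given"))
        elif owner in TAG_OK_OWNERS:
            continue  # a tag pin is accepted for GitHub-maintained actions
        elif not FULL_SHA_RE.match(rev):
            # Tags and branches are mutable; short hashes are ambiguous.
            findings.append((no, ref, "third-party action not pinned to a full commit SHA"))
    return findings


# Constructed sample workflow; the action names and the SHA are made up.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@v2
      - uses: example-org/cache-thing@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - name: local
        uses: ./.github/actions/build
      - uses: example-org/lint@main
"""

if __name__ == "__main__":
    for no, ref, reason in audit_uses(SAMPLE):
        print(f"line {no}: {ref}: {reason}")
```

Zizmor's `unpinned-uses` audit, which the commit cites, is the maintained way to enforce this; the script only illustrates what the policy accepts and rejects.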