Dependabot and TSCCR disjoint deps management (#56)

* Dependabot and TSCCR disjoint deps management Also adopt PRDE's best practices around frequency and update grouping. * TSCCR update * Use real super-linter action
hashicorp · Aug 12, 2024 · e953e23 · e953e23
1 parent 95c2ffd
commit e953e23
Show file tree

Hide file tree

Showing 10 changed files with 30 additions and 17 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,10 +1,23 @@
+---
 version: 2
 
 updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
+    # Only update hashicorp-owned actions
+    # External actions managed via TSCCR
+    allow:
+      - dependency-name: "hashicorp/*"
+    groups:
+      github-actions-breaking:
+        update-types:
+          - major
+      github-actions-backward-compatible:
+        update-types:
+          - minor
+          - patch
   - package-ecosystem: gomod
     directory:
     schedule:

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -21,7 +21,7 @@ jobs:
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       # Dogfood this Action to build its own CLI.
       - uses: ./
         with:

diff --git a/.github/workflows/example-matrix.yml b/.github/workflows/example-matrix.yml
@@ -12,7 +12,7 @@ jobs:
           - { runner: ubuntu-latest, os: linux,   arch: arm64, env:  CGO_ENABLED=0 }
           - { runner: ubuntu-latest, os: windows, arch: amd64, env:  CGO_ENABLED=0 }
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Build
         uses: hashicorp/actions-go-build@main
         with:

diff --git a/.github/workflows/example-matrix.yml.currentbranch.yml b/.github/workflows/example-matrix.yml.currentbranch.yml
diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml
@@ -4,7 +4,7 @@ jobs:
   example:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Build
         uses: hashicorp/actions-go-build@main
         with:

diff --git a/.github/workflows/example.yml.currentbranch.yml b/.github/workflows/example.yml.currentbranch.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -6,7 +6,7 @@ jobs:
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Build CLI Binaries
         run: make release/zips
       - name: Create GitHub Release

diff --git a/.github/workflows/self-test-suite-verify.yml b/.github/workflows/self-test-suite-verify.yml
@@ -30,7 +30,7 @@ jobs:
           - { assert: failure, file: this-file-does-not-exist,            when: result file is missing }
           - { assert: failure, file: corrupt,                             when: result file is corrupt }
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       # generate a random ID; GH doesn't provide a proper job ID (especially for matrix jobs)
       - name: Generate random ID to distinguish build artifacts
         run: echo "ARTIFACT_ID=$RANDOM" >> "$GITHUB_ENV"

diff --git a/.github/workflows/self-test-suite.yml b/.github/workflows/self-test-suite.yml
@@ -32,7 +32,7 @@ jobs:
           - { reproducible: report, want: success }
           - { reproducible: nope,   want: success }
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: select OS value
         run: case "${{ runner.os }}" in macOS) echo "SELECTED_OS=darwin" >> "$GITHUB_ENV" ;; Linux) echo "SELECTED_OS=linux" >> "$GITHUB_ENV" ;; esac
       - uses: ./self-test
@@ -57,7 +57,7 @@ jobs:
           - { reproducible: report, want: success }
           - { reproducible: nope,   want: success }
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: select OS value
         run: case "${{ runner.os }}" in macOS) echo "SELECTED_OS=darwin" >> "$GITHUB_ENV" ;; Linux) echo "SELECTED_OS=linux" >> "$GITHUB_ENV" ;; esac
       - uses: ./self-test
@@ -91,7 +91,7 @@ jobs:
           - { reproducible: report, os: darwin, arch: arm64, want: success }
           - { reproducible: nope,   os: darwin, arch: arm64, want: success }
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         if: runner.os == 'macOS'
       - uses: ./self-test
         if: runner.os == 'macOS'
@@ -117,7 +117,7 @@ jobs:
           - { reproducible: report, want: success }
           - { reproducible: nope,   want: success }
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: select OS value
         run: case "${{ runner.os }}" in macOS) echo "SELECTED_OS=darwin" >> "$GITHUB_ENV" ;; Linux) echo "SELECTED_OS=linux" >> "$GITHUB_ENV" ;; esac
       - uses: ./self-test
@@ -144,7 +144,7 @@ jobs:
           - { reproducible: report, want: success }
           - { reproducible: nope,   want: success }
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: select OS value
         run: case "${{ runner.os }}" in macOS) echo "SELECTED_OS=darwin" >> "$GITHUB_ENV" ;; Linux) echo "SELECTED_OS=linux" >> "$GITHUB_ENV" ;; esac
       - uses: ./self-test
@@ -170,7 +170,7 @@ jobs:
           - { reproducible: report, want: failure }
           - { reproducible: nope,   want: failure }
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: select OS value
         run: case "${{ runner.os }}" in macOS) echo "SELECTED_OS=darwin" >> "$GITHUB_ENV" ;; Linux) echo "SELECTED_OS=linux" >> "$GITHUB_ENV" ;; esac
       - uses: ./self-test

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -13,13 +13,13 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: github/super-linter@4e51915f4a812abf59fed160bb14595c0a38a9e7 # v6
+      - uses: super-linter/super-linter@b4515bd4ad9d0aa4681960e053916ab991bdbe96 # v6.8.0
 
   go-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
-      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
           go-version-file: go.mod
           cache: false