diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6374da7..d08db6a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -36,7 +36,7 @@ jobs:
 steps:
 - name: Free Disk Space
- uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
+ uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
 with:
 tool-cache: false
 android: true
@@ -52,7 +52,7 @@ jobs:
 sudo apt install -y buildah qemu-user-static
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 - name: Determine tags
 id: tags
@@ -70,7 +70,7 @@ jobs:
 - name: Build image with Buildah
 id: build_image
- uses: redhat-actions/buildah-build@v2
+ uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
 with:
 image: ${{ env.IMAGE_NAME }}
 tags: ${{ steps.tags.outputs.tags }}
@@ -95,7 +95,7 @@ jobs:
 fi
 - name: Push image to Quay.io
- uses: redhat-actions/push-to-registry@v2
+ uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
 with:
 image: ${{ steps.build_image.outputs.image }}
 tags: ${{ steps.build_image.outputs.tags }}
diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml
index 0544b8e..0fe7986 100644
--- a/.github/workflows/validation.yml
+++ b/.github/workflows/validation.yml
@@ -29,7 +29,7 @@ jobs:
 working-directory: ./scripts/python-scripts
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 - name: Setup Environment
 run: pip3 install -r requirements.txt
 - name: Validate prompt
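Review bot: The pinned `actions/checkout` step in the `@@ -52` hunk of `.github/workflows/ci.yml` has no `with:` block, so it keeps the default of persisting the job token in the checked-out repository's git configuration, where the later build and third-party steps of the same job can read it. If nothing after it needs to push with git, which the visible lines do not show, add `with:` and `persist-credentials: false` under the `uses:` line. The same applies to both checkout steps in `.github/workflows/validation.yml` (the `@@ -29` and `@@ -40` hunks). Each job's step list starts and continues outside these hunks.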
@@ -40,9 +40,9 @@ jobs:
 contents: read
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 - name: Use Node.js and cache dependencies
- uses: actions/setup-node@v4
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
 with:
 node-version: '22.21'
 cache: 'yarn'
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..dd79c64
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,90 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base",
+ "helpers:pinGitHubActionDigests",
+ ":gitSignOff"
+ ],
+ "timezone": "America/Toronto",
+ "schedule": [
+ "* 19-23 * * 0",
+ "* 0-2 * * 1"
+ ],
+ "enabledManagers": [
+ "dockerfile",
+ "github-actions",
+ "custom.regex",
+ "pep621",
+ "npm"
+ ],
+ "regexManagers": [
+ {
+ "fileMatch": [
+ "(M|m)akefile$"
+ ],
+ "matchStrings": [
+ "RAG_CONTENT_IMAGE\\s+\\?\\=\\s+\"?(?.*?)\\:release-(?.*)-lcs\"?\\n"
+ ],
+ "datasourceTemplate": "docker",
+ "depNameTemplate": "quay.io/redhat-ai-dev/rag-content"
+ }
+ ],
+ "packageRules": [
+ {
+ "matchUpdateTypes": ["major"],
+ "enabled": false
+ },
+ {
+ "matchManagers": ["dockerfile"],
+ "matchPackageNames": ["registry.access.redhat.com/ubi9/ubi-minimal"],
+ "matchUpdateTypes": ["major", "patch"],
+ "enabled": false
+ },
+ {
+ "matchManagers": ["dockerfile"],
+ "matchPackageNames": ["quay.io/lightspeed-core/lightspeed-stack"],
+ "enabled": false
+ },
+ {
+ "matchManagers": ["pep621"],
+ "matchPackageNames": ["python"],
+ "matchUpdateTypes": ["major", "minor"],
+ "enabled": false
+ },
+ {
+ "matchDepNames": ["quay.io/redhat-ai-dev/rag-content"],
+ "extractVersion": "^release-(?\\d+\\.\\d+)-l(c|l)s",
+ "versioning": "loose"
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "groupName": "github actions",
+ "groupSlug": "github-actions",
+ "commitMessageTopic": "{{depName}}"
+ },
+ {
+ "matchManagers": ["dockerfile"],
+ "groupName": "dockerfile deps",
+ "groupSlug": "dockerfile-deps",
+ "commitMessageTopic": "{{depName}}"
+ },
+ {
+ "matchManagers": ["pep621"],
+ "groupName": "python deps",
+ "groupSlug": "python-deps",
+ "commitMessageTopic": "{{depName}}"
+ },
+ {
+ "matchManagers": ["npm"],
+ "groupName": "npm deps",
+ "groupSlug": "npm-deps",
+ "commitMessageTopic": "{{depName}}"
+ }
+ ],
+ "vulnerabilityAlerts": {
+ "enabled": true
+ },
+ "prHourlyLimit": 20,
+ "prConcurrentLimit": 10,
+ "labels": ["renovatebot"]
+}
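Review bot: The `github-actions` rule in `packageRules` groups every action digest bump into one PR but sets no cooling-off period, so a release published minutes earlier is proposed straight away for a workflow that pushes images to Quay.io. Adding `"minimumReleaseAge": "3 days"` to that rule would hold updates back wherever the datasource reports release timestamps. Separately, `"config:base"` and `regexManagers` are the older names for what current Renovate calls `config:recommended` and `customManagers` (with `"customType": "regex"`), while `enabledManagers` already uses the newer `custom.regex`; keeping to one generation of names avoids relying on config migration. As rendered on this page the capture groups in `matchStrings` and `extractVersion` show no names, so confirm the committed file still carries the named groups Renovate expects.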