conda-forge · beckermr · May 6, 2024 · May 6, 2024
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
@@ -2,7 +2,7 @@ name: create_feedstocks
 
 on:
   schedule:
-    - cron:  '*/10 * * * *'
+    - cron: '*/10 * * * *'
   workflow_dispatch: null
 
 jobs:
@@ -12,18 +12,18 @@ jobs:
 
     steps:
       - name: checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           repository: conda-forge/staged-recipes
           token: ${{ secrets.CF_ADMIN_GITHUB_TOKEN }}
 
       - name: prevent multiple jobs running in parallel
         id: conversion_lock
-        uses: beckermr/turnstyle-python@v1
+        uses: beckermr/turnstyle-python@e997c7ea75032a98f3b515ef8ee0ca89cf172713 # v1
         with:
           abort-after-seconds: 3
           poll-interval-seconds: 2
-          github-token:  ${{ secrets.CF_ADMIN_GITHUB_TOKEN }}
+          github-token: ${{ secrets.CF_ADMIN_GITHUB_TOKEN }}
         continue-on-error: true
 
       - name: commit any changes upon checkout
@@ -41,15 +41,15 @@ jobs:
         # outcome is evaluated before continue-on-error above
         if: ${{ steps.conversion_lock.outcome == 'success' }}
         run: |
-            # Avoid wasting CI time if there are no recipes ready for conversion
-            if [ "$(ls recipes/*/meta.yaml | grep -v recipes/example/meta.yaml --count)" -eq 0 ]; then
-              echo "No new recipes found, exiting..."
-              exit 0
-            fi
+          # Avoid wasting CI time if there are no recipes ready for conversion
+          if [ "$(ls recipes/*/meta.yaml | grep -v recipes/example/meta.yaml --count)" -eq 0 ]; then
+            echo "No new recipes found, exiting..."
+            exit 0
+          fi
 
-            echo "Creating feedstocks from the recipe(s)."
+          echo "Creating feedstocks from the recipe(s)."
 
-            source ./.github/workflows/scripts/create_feedstocks
+          source ./.github/workflows/scripts/create_feedstocks
         env:
           STAGING_BINSTAR_TOKEN: ${{ secrets.STAGING_BINSTAR_TOKEN }}
           GH_TOKEN: ${{ secrets.CF_ADMIN_GITHUB_TOKEN }}

@@ -11,78 +11,78 @@ jobs:
   run:
     runs-on: ubuntu-latest
     steps:
-    - name: Prevent multiple jobs running in parallel
-      id: conversion_lock
-      uses: beckermr/turnstyle-python@v1
-      with:
-        abort-after-seconds: 3
-        poll-interval-seconds: 2
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-      continue-on-error: true
+      - name: Prevent multiple jobs running in parallel
+        id: conversion_lock
+        uses: beckermr/turnstyle-python@e997c7ea75032a98f3b515ef8ee0ca89cf172713 # v1
+        with:
+          abort-after-seconds: 3
+          poll-interval-seconds: 2
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+        continue-on-error: true
 
-    - uses: actions/checkout@v4
-      # outcome is evaluated before continue-on-error above
-      if: steps.conversion_lock.outcome == 'success'
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+        # outcome is evaluated before continue-on-error above
+        if: steps.conversion_lock.outcome == 'success'
 
-    - name: fast finish
-      if: ${{ steps.conversion_lock.outcome == 'success' }}
-      run: |
-        set -x
-        # avoid wasting CI time if there is nothing to do
-        count_yml=$(ls requests/*.yml | wc -l)
-        count_yaml=$(ls requests/*.yaml | wc -l)
-        count=$(($count_yml + $count_yaml))
-        if [[ "${count}" == "0" ]]; then
-          echo "nothing to do, setting ci skip!"
-          echo "CI_SKIP=true" >> $GITHUB_ENV
-        fi
+      - name: fast finish
+        if: ${{ steps.conversion_lock.outcome == 'success' }}
+        run: |
+          set -x
+          # avoid wasting CI time if there is nothing to do
+          count_yml=$(ls requests/*.yml | wc -l)
+          count_yaml=$(ls requests/*.yaml | wc -l)
+          count=$(($count_yml + $count_yaml))
+          if [[ "${count}" == "0" ]]; then
+            echo "nothing to do, setting ci skip!"
+            echo "CI_SKIP=true" >> $GITHUB_ENV
+          fi
 
-    - uses: conda-incubator/setup-miniconda@v2
-      if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
-      with:
-        activate-environment: cf
-        environment-file: environment.yml
-        auto-activate-base: true
-        miniforge-version: latest
-        miniforge-variant: Mambaforge
-        use-mamba: true
+      - uses: conda-incubator/setup-miniconda@9f54435e0e72c53962ee863144e47a4b094bfd35 # v2
+        if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
+        with:
+          activate-environment: cf
+          environment-file: environment.yml
+          auto-activate-base: true
+          miniforge-version: latest
+          miniforge-variant: Mambaforge
+          use-mamba: true
 
-    - name: Generate token
-      if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
-      id: generate_token
-      uses: actions/create-github-app-token@v1
-      with:
-        app-id: ${{ secrets.CF_CURATOR_APP_ID }}
-        private-key: ${{ secrets.CF_CURATOR_PRIVATE_KEY }}
-        owner: ${{ github.repository_owner }}
+      - name: Generate token
+        if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
+        id: generate_token
+        uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1
+        with:
+          app-id: ${{ secrets.CF_CURATOR_APP_ID }}
+          private-key: ${{ secrets.CF_CURATOR_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
 
-    - name: Process requests based on YAML files
-      if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
-      shell: bash -el {0}
-      run: |
-        git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
-        git config --global user.name "conda-forge-curator[bot]"
-        python -m conda_forge_admin_requests run
-      env:
-        PROD_BINSTAR_TOKEN: ${{ secrets.PROD_BINSTAR_TOKEN }}
-        GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-        CIRCLE_TOKEN: ${{ secrets.CIRCLE_TOKEN }}
-        TRAVIS_TOKEN: ${{ secrets.CF_ADMIN_TRAVIS_TOKEN }}
-        AZURE_TOKEN: ${{ secrets.AZURE_TOKEN }}
-        DRONE_TOKEN: ${{ secrets.DRONE_TOKEN }}
-        CIRUN_API_KEY: ${{ secrets.CIRUN_API_KEY }}
-        GITHUB_ADMIN_TOKEN: ${{ secrets.CF_ADMIN_GITHUB_TOKEN }}
-        CIRUN_INSTALLATION_ID: ${{ secrets.CIRUN_INSTALLATION_ID }}
-        STAGING_BINSTAR_TOKEN: ${{ secrets.STAGING_BINSTAR_TOKEN }}
+      - name: Process requests based on YAML files
+        if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
+        shell: bash -el {0}
+        run: |
+          git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
+          git config --global user.name "conda-forge-curator[bot]"
+          python -m conda_forge_admin_requests run
+        env:
+          PROD_BINSTAR_TOKEN: ${{ secrets.PROD_BINSTAR_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+          CIRCLE_TOKEN: ${{ secrets.CIRCLE_TOKEN }}
+          TRAVIS_TOKEN: ${{ secrets.CF_ADMIN_TRAVIS_TOKEN }}
+          AZURE_TOKEN: ${{ secrets.AZURE_TOKEN }}
+          DRONE_TOKEN: ${{ secrets.DRONE_TOKEN }}
+          CIRUN_API_KEY: ${{ secrets.CIRUN_API_KEY }}
+          GITHUB_ADMIN_TOKEN: ${{ secrets.CF_ADMIN_GITHUB_TOKEN }}
+          CIRUN_INSTALLATION_ID: ${{ secrets.CIRUN_INSTALLATION_ID }}
+          STAGING_BINSTAR_TOKEN: ${{ secrets.STAGING_BINSTAR_TOKEN }}
 
-    - name: pull changes
-      if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
-      shell: bash -el {0}
-      run: |
+      - name: pull changes
+        if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
+        shell: bash -el {0}
+        run: |
           git pull
 
-    - name: Push changes
-      if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
-      uses: ad-m/github-push-action@master
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Push changes
+        if: steps.conversion_lock.outcome == 'success' && ! env.CI_SKIP
+        uses: ad-m/github-push-action@9870d48124da805820c70ebc6ba563c715551019 # master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -11,20 +11,20 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
 
-    - uses: conda-incubator/setup-miniconda@v2
-      with:
-        activate-environment: cf
-        environment-file: environment.yml
-        auto-activate-base: true
-        miniforge-version: latest
-        miniforge-variant: Mambaforge
+      - uses: conda-incubator/setup-miniconda@9f54435e0e72c53962ee863144e47a4b094bfd35 # v2
+        with:
+          activate-environment: cf
+          environment-file: environment.yml
+          auto-activate-base: true
+          miniforge-version: latest
+          miniforge-variant: Mambaforge
 
-    - name: Check request YAML files
-      shell: bash -el {0}
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
+      - name: Check request YAML files
+        shell: bash -el {0}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
           conda activate cf
           python -m conda_forge_admin_requests check
@@ -2,7 +2,7 @@ name: repodata_patching
 
 on:
   schedule:
-    - cron:  '0 0 * * 0'
+    - cron: '0 0 * * 0'
   workflow_dispatch: null
 
 jobs:
@@ -11,18 +11,18 @@ jobs:
     steps:
       - name: Prevent multiple jobs running in parallel
         id: conversion_lock
-        uses: beckermr/turnstyle-python@v1
+        uses: beckermr/turnstyle-python@e997c7ea75032a98f3b515ef8ee0ca89cf172713 # v1
         with:
           abort-after-seconds: 3
           poll-interval-seconds: 2
           github-token: ${{ secrets.GITHUB_TOKEN }}
         continue-on-error: true
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
         # outcome is evaluated before continue-on-error above
         if: steps.conversion_lock.outcome == 'success'
 
-      - uses: conda-incubator/setup-miniconda@v2
+      - uses: conda-incubator/setup-miniconda@9f54435e0e72c53962ee863144e47a4b094bfd35 # v2
         if: steps.conversion_lock.outcome == 'success'
         with:
           activate-environment: cf
@@ -34,7 +34,7 @@ jobs:
       - name: Generate token
         if: steps.conversion_lock.outcome == 'success'
         id: generate_token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1
         with:
           app-id: ${{ secrets.CF_CURATOR_APP_ID }}
           private-key: ${{ secrets.CF_CURATOR_PRIVATE_KEY }}
@@ -44,10 +44,10 @@ jobs:
         if: steps.conversion_lock.outcome == 'success'
         shell: bash -l {0}
         run: |
-            conda activate cf
-            git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
-            git config --global user.name "conda-forge-curator[bot]"
-            git config --global pull.rebase false
-            python update_repodata_patches.py
+          conda activate cf
+          git config --global user.email "79913779+conda-forge-curator[bot]@users.noreply.github.com"
+          git config --global user.name "conda-forge-curator[bot]"
+          git config --global pull.rebase false
+          python update_repodata_patches.py
         env:
           GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}