mirror of
https://github.com/capstone-engine/llvm-capstone.git
synced 2024-12-02 18:58:15 +00:00
f3524e9aeb
Closes #75620 As I mentioned on the issue, this PR aims to hash-pin the CI dependencies used on sensitive context -- i.e., they either are called with write permissions, or are being used to build critical artifacts like a release. In summary, this PR brings 3 changes: 1. Hash pin GitHub Actions called on sensitive context 2. Hash pin python dependencies used on sensitive context 3. Configure dependabot to automatically update those hashes I'm further explaining the steps bellow. The dependencies in format of GitHub Actions, I simply hash-pinned them. I also made sure to keep the human-readable version as comments at the same line. At the [release-tasks.yml](https://github.com/llvm/llvm-project/blob/main/.github/workflows/release-tasks.yml) file, I've changed the installation method of some python dependencies to install them considering their hashpinning. That required the generation of a requirements file that had all the correct hashes, and for that I used [pip-tools](https://pypi.org/project/pip-tools/2.0.0/). While configuring dependabot, I set it to send a monthly PR updating all the GitHub Actions, and a weekly PR to update any python dependency required by [/llvm/docs/requirements.txt](https://github.com/llvm/llvm-project/blob/main/llvm/docs/requirements.txt). Let me know if you have any questions or concerns, I'd be happy to clarify and help. Thanks! --------- Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
19 lines
360 B
YAML
19 lines
360 B
YAML
version: 2
|
|
updates:
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "monthly"
|
|
groups:
|
|
github-actions:
|
|
patterns:
|
|
- "*"
|
|
- package-ecosystem: "pip"
|
|
directory: "/llvm/docs"
|
|
schedule:
|
|
interval: "monthly"
|
|
groups:
|
|
llvm-docs-requirements:
|
|
patterns:
|
|
- "*"
|