From a2616c9cf80b3e571eba771493df12b727a7e921 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Fri, 15 May 2026 13:33:56 +0200 Subject: [PATCH] chore: sync with WeblateOrg/meta --- .github/workflows/closing.yml | 3 ++- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/labels.yml | 8 ++++---- .github/workflows/pre-commit.yml | 4 +++- .github/workflows/pull_requests.yaml | 9 ++------- 5 files changed, 13 insertions(+), 15 deletions(-) diff --git a/.github/workflows/closing.yml b/.github/workflows/closing.yml index cb24a36..a8d28a7 100644 --- a/.github/workflows/closing.yml +++ b/.github/workflows/closing.yml @@ -17,8 +17,9 @@ permissions: contents: read jobs: - issueClosed: + issue-closed: permissions: + contents: read # for actions/checkout issues: write # for gh issue comment runs-on: ubuntu-slim steps: diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index af65f0f..fddf271 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,8 +15,8 @@ jobs: runs-on: ubuntu-slim steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Dependency Review - uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 + uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index b9c025e..4f64559 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -9,12 +9,13 @@ on: issues: types: [labeled] -permissions: - contents: read +permissions: {} jobs: - issueLabeled: + issue-labeled: + if: ${{ ! github.event.issue.pull_request && github.event.label.name == 'good first issue' }} permissions: + contents: read # for actions/checkout issues: write # for gh issue comment runs-on: ubuntu-slim steps: @@ -22,7 +23,6 @@ jobs: with: persist-credentials: false - name: Add good first issue comment - if: ${{ github.event.label.name == 'good first issue' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} ISSUE_NUMBER: ${{ github.event.issue.number }} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 0b0b43d..adc209d 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,6 +8,8 @@ name: Pre-commit check on: push: branches-ignore: + - copilot/** + - codex/** - renovate/** - weblate - dependabot/** @@ -21,7 +23,7 @@ jobs: runs-on: ubuntu-24.04-arm steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - uses: ./.github/actions/pre-commit-setup diff --git a/.github/workflows/pull_requests.yaml b/.github/workflows/pull_requests.yaml index a0f467b..29bfc57 100644 --- a/.github/workflows/pull_requests.yaml +++ b/.github/workflows/pull_requests.yaml @@ -3,25 +3,20 @@ # SPDX-License-Identifier: CC0-1.0 # This file is maintained in https://github.com/WeblateOrg/meta/ - name: Pull request automation on: # zizmor: ignore[dangerous-triggers] pull_request_target: types: opened -permissions: - contents: read +permissions: {} jobs: - weblate_automerge: + weblate-automerge: runs-on: ubuntu-slim name: Weblate automerge if: github.actor == 'weblate' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - name: Enable Pull Request Automerge run: gh pr merge --rebase --auto "$PR_NUMBER" env: