From b8ef5f66beb924c534c66ff3aa90153da6b51929 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 7 Nov 2025 13:57:11 +0000 Subject: [PATCH 1/2] chore(deps): update dargmuesli/github-actions action to v3 --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/release-schedule.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74fd4b9..46f0a2b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,7 +28,7 @@ jobs: release_semantic_dry: needs: prepare_jobs name: Release (semantic, dry) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2b47b35b82df04152c34ae042bd011dd83f28ffd # 2.8.0 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@714a68188444d710ffa3e9f35a05f6a9d420931d # 3.2.0 if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' permissions: contents: write @@ -38,7 +38,7 @@ jobs: DRY_RUN: true build: name: Build - uses: dargmuesli/github-actions/.github/workflows/docker.yml@2b47b35b82df04152c34ae042bd011dd83f28ffd # 2.8.0 + uses: dargmuesli/github-actions/.github/workflows/docker.yml@714a68188444d710ffa3e9f35a05f6a9d420931d # 3.2.0 needs: release_semantic_dry permissions: packages: write @@ -51,7 +51,7 @@ jobs: release_semantic: needs: build name: Release (semantic) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2b47b35b82df04152c34ae042bd011dd83f28ffd # 2.8.0 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@714a68188444d710ffa3e9f35a05f6a9d420931d # 3.2.0 permissions: contents: write secrets: 
@@ -59,7 +59,7 @@ jobs: deploy: needs: build name: Deploy - uses: dargmuesli/github-actions/.github/workflows/deploy-cloudflare-pages.yml@2b47b35b82df04152c34ae042bd011dd83f28ffd # 2.8.0 + uses: dargmuesli/github-actions/.github/workflows/deploy-cloudflare-pages.yml@714a68188444d710ffa3e9f35a05f6a9d420931d # 3.2.0 permissions: contents: read deployments: write diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index 633ae24..0cf97de 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml @@ -11,7 +11,7 @@ on: jobs: release-schedule: name: "Release: Scheduled" - uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2b47b35b82df04152c34ae042bd011dd83f28ffd # 2.8.0 + uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@714a68188444d710ffa3e9f35a05f6a9d420931d # 3.2.0 secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: From 0c8de8127a35b0eb0d2a7bfd4c211a8efe58f1de Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Fri, 7 Nov 2025 15:43:04 +0100 Subject: [PATCH 2/2] ci: upgrade to dargmuesli/github-actions action to v3 --- .github/workflows/ci.yml | 30 +++++++++++--------------- .github/workflows/release-schedule.yml | 3 +-- 2 files changed, 14 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 46f0a2b..6f0707b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,6 @@ name: CI -permissions: - contents: read +permissions: {} on: pull_request: 
@@ -9,29 +8,24 @@ on: branches: - alpha - beta + - main - master - renovate/** jobs: - prepare_jobs: - name: "Prepare: job optimization" - runs-on: ubuntu-latest - outputs: - pr_found: ${{ steps.pr.outputs.pr_found }} - steps: - - name: Get current PR - id: pr - uses: 8BitJonny/gh-get-current-pr@4056877062a1f3b624d5d4c2bedefa9cf51435c9 # 4.0.0 - with: - filterOutClosed: true - filterOutDraft: true + ci-optimization: + name: CI optimization + uses: dargmuesli/github-actions/.github/workflows/ci-optimization.yml@714a68188444d710ffa3e9f35a05f6a9d420931d # 3.2.0 + permissions: + pull-requests: read release_semantic_dry: - needs: prepare_jobs + needs: ci-optimization + if: needs.ci-optimization.outputs.continue == 'true' name: Release (semantic, dry) uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@714a68188444d710ffa3e9f35a05f6a9d420931d # 3.2.0 - if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' permissions: contents: write + id-token: write secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: @@ -44,7 +38,8 @@ jobs: packages: write with: ARTIFACT_PATH: src/.output/public/ - BUILD_ARGUMENTS: SITE_URL=https://dargstack-example.jonas-thelemann.de + BUILD_ARGUMENTS: | + SITE_URL=https://dargstack-example.jonas-thelemann.de TAG: ${{ needs.release_semantic_dry.outputs.new_release_version }} secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} @@ -54,6 +49,7 @@ jobs: uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@714a68188444d710ffa3e9f35a05f6a9d420931d # 3.2.0 permissions: contents: write + id-token: write secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} deploy: diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index 0cf97de..c90c6e5 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml 
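Review bot: `id-token: write` is added to `release_semantic_dry`, a job that elsewhere in this series is shown with `DRY_RUN: true` and that sits in a workflow triggered by pull requests and by the listed branches (including `renovate/**`). Every such run can therefore request an OIDC token for this repository, in addition to holding `contents: write` and `PERSONAL_ACCESS_TOKEN`. If the v3 `release-semantic.yml` declares that permission on its job, the caller has to grant it, but that is not visible here. If the dry path never exchanges a token, the grant belongs only on `release_semantic` (hunk `@@ -54,6 +49,7 @@`, same addition). Either way, record the reason on the added line, e.g. `id-token: write # OIDC token required by release-semantic.yml v3 for <purpose>`, and have any trust policy that accepts this repository's tokens match on the workflow ref or ref claim, not the repository alone.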
@@ -1,7 +1,6 @@ name: "Release: Scheduled" -permissions: - contents: read +permissions: {} on: schedule:
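Review bot: With the workflow default now `permissions: {}`, the `release-schedule` job appears to have no job-level `permissions:` block (the context shown for it in patch 1/2 lists only `name`, `uses`, `secrets` and `with`). The called workflow would then run with a GITHUB_TOKEN that has no scopes. A reusable workflow cannot receive more than its caller grants, so if the v3 `release-schedule.yml` declares any permission on its jobs (for example `contents: read`), the run is rejected at startup. The job definition is outside this hunk, so confirm against the full file. If the job really needs nothing from GITHUB_TOKEN, a comment such as `permissions: {} # job authenticates only with PERSONAL_ACCESS_TOKEN` makes that explicit. The empty default does not limit what the PAT can do, so its scopes need to be kept minimal separately.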