diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 89eb874..1236ed3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,11 +11,11 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up pixi - uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659 # v0.8.1 + uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 with: environments: build - name: Build project @@ -23,7 +23,7 @@ jobs: - name: Check package run: pixi run -e build check-wheel - name: Upload package - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: artifact path: dist/* @@ -37,7 +37,7 @@ jobs: id-token: write environment: pypi steps: - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: artifact path: dist diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 69d42b7..eb6d53e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: code_change: ${{ steps.filter.outputs.code }} matrix: ${{ env.MATRIX }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 if: github.event_name != 'pull_request' - name: Check for code changes uses: dorny/paths-filter@v3 @@ -81,9 +81,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up pixi - uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659 # v0.8.1 + uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 with: environments: default lint - name: pre-commit @@ -103,11 +103,11 @@ jobs: - windows-latest steps: - name: Checkout branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up pixi - uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659 # v0.8.1 + uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 with: environments: ${{ matrix.environment }} - name: Get cache week key @@ -115,7 +115,7 @@ jobs: run: echo "week=$(date +%Y-W%V)" >> $GITHUB_OUTPUT shell: bash - name: Cache test index - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.holoviz-mcp-test key: holoviz-mcp-test-index-${{ runner.os }}-${{ hashFiles('src/holoviz_mcp/config/config.yaml', 'src/holoviz_mcp/holoviz_mcp/data.py') }}-${{ steps.cache-week.outputs.week }} @@ -150,17 +150,17 @@ jobs: PANEL_LOG_LEVEL: info steps: - name: Checkout branch - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Pixi - uses: prefix-dev/setup-pixi@v0.8.1 + uses: prefix-dev/setup-pixi@v0.9.4 with: environments: ${{ matrix.environment }} - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.11' @@ -183,7 +183,7 @@ jobs: shell: bash - name: Upload UI Screenshots - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 if: always() with: name: ui_screenshots_${{ runner.os }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index aedc6c4..ffcd441 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -46,10 +46,10 @@ jobs: sudo docker image prune --all --force - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 # Note: Fork detection is intentionally NOT implemented here. # Unlike the docs workflow, we allow forks to push to their own GHCR instances @@ -58,7 +58,7 @@ jobs: # Each fork pushes to ghcr.io//holoviz-mcp, not the upstream registry. - name: Log in to GitHub Container Registry if: github.event_name != 'pull_request' - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -66,7 +66,7 @@ jobs: - name: Extract metadata (tags, labels) id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.REGISTRY }}/${{ steps.image-name.outputs.IMAGE_NAME }} tags: | @@ -93,7 +93,7 @@ jobs: - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 with: context: . file: ./Dockerfile @@ -119,7 +119,7 @@ jobs: - name: Generate artifact attestation if: github.event_name != 'pull_request' - uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-name: ${{ env.REGISTRY }}/${{ steps.image-name.outputs.IMAGE_NAME }} subject-digest: ${{ steps.build-and-push.outputs.digest }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 875a833..5086f4c 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -26,12 +26,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Pixi - uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659 # v0.8.1 + uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 with: environments: docs @@ -39,7 +39,7 @@ jobs: run: pixi run -e docs build - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@v4 with: path: ./site diff --git a/.github/workflows/update-lockfiles.yml b/.github/workflows/update-lockfiles.yml index 2dd8cea..ca327ba 100644 --- a/.github/workflows/update-lockfiles.yml +++ b/.github/workflows/update-lockfiles.yml @@ -12,16 +12,16 @@ jobs: pixi-update: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up pixi - uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659 # v0.8.1 + uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 with: run-install: false - name: Update lockfiles run: | pixi update --json --no-install | pixi exec pixi-diff-to-markdown >> diff.md - name: Create pull request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: Update pixi lockfile