Merge branch 'main' into sosey-patch-2

spacetelescope · Nov 27, 2024 · a8aa384 · a8aa384
2 parents cb936cd + f69bd3f
commit a8aa384
Show file tree

Hide file tree

Showing 5 changed files with 1,135 additions and 8 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions" # See documentation for possible values
+    directory: ".github/workflows" # Location of package manifests
+    schedule:
+      interval: "monthly"
+    groups:
+      actions:
+        patterns:
+          - "*"
+
diff --git a/.github/workflows/bandit-schedule.yml b/.github/workflows/bandit-schedule.yml
@@ -24,19 +24,19 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
 
       - name: Get changed notebooks
         id: get-changed-notebooks
-        uses: tj-actions/changed-files@v44.5.5
+        uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf  # v45.0.4
         with:
           separator: " " # nbconvert accepts space separated file list
           safe_output: false # binding to env below
           files: |
             **/*.ipynb    
       
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b  # v5.3.0
         with:
           python-version: ${{ vars.PYTHON_VERSION }}
           cache: 'pip'
@@ -63,7 +63,7 @@ jobs:
 
       - name: Upload sarif artifact to security
         if: ${{ failure() }}
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@5618c9fc1e675841ca52c1c6b1304f5255a905a0  # codeql-bundle-v2.19.0
         with:
           sarif_file: results.sarif
 

diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
@@ -29,16 +29,16 @@ jobs:
       contents: read
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b  # v5.3.0
         with:
           python-version: ${{ vars.PYTHON_VERSION }}
 
       - name: Get changed notebooks
         id: get-changed-notebooks
-        uses: tj-actions/changed-files@v44.5.5
+        uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf  # v45.0.4
         with:
           separator: " " # nbconvert accepts space separated file list
           safe_output: false # binding to env below
@@ -70,7 +70,7 @@ jobs:
 
       - name: Upload bandit artifact for PR review
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v4.4.3
         with:
           name: ${{ env.BANDIT_ARTIFACT }}
           path: ${{ env.BANDIT_ARTIFACT }}