diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f768349..5698321 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -42,11 +42,11 @@ updates: interval: "weekly" open-pull-requests-limit: 5 groups: - github-actions: + github_actions: patterns: - "*" commit-message: prefix: "ci" labels: - "dependencies" - - "github-actions" + - "github_actions" diff --git a/.github/workflows/automatic-release.yaml b/.github/workflows/automatic-release.yaml index 6b6797d..5da0394 100644 --- a/.github/workflows/automatic-release.yaml +++ b/.github/workflows/automatic-release.yaml @@ -27,7 +27,7 @@ jobs: outputs: labels: ${{ steps.match-label.outputs.match }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - id: match-label shell: bash run: | diff --git a/.github/workflows/build-and-validate.yaml b/.github/workflows/build-and-validate.yaml index 73219a5..799e14c 100644 --- a/.github/workflows/build-and-validate.yaml +++ b/.github/workflows/build-and-validate.yaml @@ -89,7 +89,7 @@ jobs: packages: read steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 diff --git a/.github/workflows/build-full-matrix.yaml b/.github/workflows/build-full-matrix.yaml index cf2620c..ce162dc 100644 --- a/.github/workflows/build-full-matrix.yaml +++ b/.github/workflows/build-full-matrix.yaml @@ -86,7 +86,7 @@ jobs: - 5000:5000 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 diff --git a/.github/workflows/build-python-base.yaml b/.github/workflows/build-python-base.yaml index a854ea8..8b4528c 100644 --- a/.github/workflows/build-python-base.yaml +++ b/.github/workflows/build-python-base.yaml @@ -74,7 +74,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 diff --git a/.github/workflows/pr-labels.yaml b/.github/workflows/pr-labels.yaml index ba3be9f..c448589 100644 --- a/.github/workflows/pr-labels.yaml +++ b/.github/workflows/pr-labels.yaml @@ -14,8 +14,10 @@ jobs: contains-labels: if: ${{!startsWith(github.head_ref, 'release/')}} runs-on: ubuntu-latest + # The action approves the PR (creates a review) when labels are valid, + # which requires write access, not just read. permissions: - pull-requests: read + pull-requests: write steps: - uses: jesusvasquez333/verify-pr-label-action@v1.4.0 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 40fc4a1..52e1749 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: marvinpinto/action-automatic-releases@latest with: @@ -53,7 +53,7 @@ jobs: outputs: main_pr: ${{ steps.create_main_pr.outputs.pull_request_number }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Create release branch run: git checkout -b release/${{ inputs.version }} @@ -116,7 +116,7 @@ jobs: packages: read pull-requests: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Install grype run: | diff --git a/Dockerfile b/Dockerfile index 6b7b259..d1ac8d7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ ARG PYTHON_RUNTIME_TRIXIE_IMAGE=python-runtime:py3.14-glibc-trixie ARG PYTHON_RUNTIME_SLIM_IMAGE=python-runtime:py3.14-glibc-trixie-slim ARG PYTHON_RUNTIME_ALPINE_IMAGE=python-runtime:py3.14-musl-alpine -FROM alpine/git:2.52.0@sha256:4a0e72d49596a1f5d3701aeedafdadc5c0da4062be4657c7bdc4017387f591cc AS gtsam-source +FROM alpine/git:v2.54.0@sha256:113d99116e236f93f0b1f53cd46dbda662cf1136d20dc9ae2834962226654d9f AS gtsam-source ARG GTSAM_VERSION WORKDIR /usr/src RUN git clone --quiet --depth 1 --branch "${GTSAM_VERSION}" https://github.com/borglab/gtsam.git