From 656fc53eae433bfc26c1adc0058dc51ee3785039 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 10:13:46 +0000 Subject: [PATCH 1/2] chore(ci): bump the actions group with 4 updates Bumps the actions group with 4 updates: [radiorabe/actions/.github/workflows/test-pre-commit.yaml](https://github.com/radiorabe/actions), [radiorabe/actions/.github/workflows/test-python-poetry.yaml](https://github.com/radiorabe/actions), [radiorabe/actions/.github/workflows/release-python-poetry.yaml](https://github.com/radiorabe/actions) and [radiorabe/actions/.github/workflows/semantic-release.yaml](https://github.com/radiorabe/actions). Updates `radiorabe/actions/.github/workflows/test-pre-commit.yaml` from 0.41.3 to 0.42.0 - [Release notes](https://github.com/radiorabe/actions/releases) - [Commits](https://github.com/radiorabe/actions/compare/c7aef9928f610ec51b44f84debf2321189276d54...479996126a091287dc3fd349786f6f8a6dd1b23c) Updates `radiorabe/actions/.github/workflows/test-python-poetry.yaml` from 0.41.3 to 0.42.0 - [Release notes](https://github.com/radiorabe/actions/releases) - [Commits](https://github.com/radiorabe/actions/compare/c7aef9928f610ec51b44f84debf2321189276d54...479996126a091287dc3fd349786f6f8a6dd1b23c) Updates `radiorabe/actions/.github/workflows/release-python-poetry.yaml` from 0.41.3 to 0.42.0 - [Release notes](https://github.com/radiorabe/actions/releases) - [Commits](https://github.com/radiorabe/actions/compare/c7aef9928f610ec51b44f84debf2321189276d54...479996126a091287dc3fd349786f6f8a6dd1b23c) Updates `radiorabe/actions/.github/workflows/semantic-release.yaml` from 0.41.3 to 0.42.0 - [Release notes](https://github.com/radiorabe/actions/releases) - [Commits](https://github.com/radiorabe/actions/compare/c7aef9928f610ec51b44f84debf2321189276d54...479996126a091287dc3fd349786f6f8a6dd1b23c) --- updated-dependencies: - dependency-name: radiorabe/actions/.github/workflows/test-pre-commit.yaml dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: radiorabe/actions/.github/workflows/test-python-poetry.yaml dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: radiorabe/actions/.github/workflows/release-python-poetry.yaml dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: radiorabe/actions/.github/workflows/semantic-release.yaml dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-and-test.yaml | 4 ++-- .github/workflows/release.yaml | 2 +- .github/workflows/semantic-release.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yaml b/.github/workflows/lint-and-test.yaml index 9547c7c..ef67b80 100644 --- a/.github/workflows/lint-and-test.yaml +++ b/.github/workflows/lint-and-test.yaml @@ -9,6 +9,6 @@ on: jobs: pre-commit: - uses: radiorabe/actions/.github/workflows/test-pre-commit.yaml@c7aef9928f610ec51b44f84debf2321189276d54 # v0.41.3 + uses: radiorabe/actions/.github/workflows/test-pre-commit.yaml@479996126a091287dc3fd349786f6f8a6dd1b23c # v0.42.0 pytest: - uses: radiorabe/actions/.github/workflows/test-python-poetry.yaml@c7aef9928f610ec51b44f84debf2321189276d54 # v0.41.3 + uses: radiorabe/actions/.github/workflows/test-python-poetry.yaml@479996126a091287dc3fd349786f6f8a6dd1b23c # v0.42.0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8a7f30a..d8f4bd1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -9,6 +9,6 @@ on: jobs: python-poetry: - uses: radiorabe/actions/.github/workflows/release-python-poetry.yaml@c7aef9928f610ec51b44f84debf2321189276d54 # v0.41.3 + uses: radiorabe/actions/.github/workflows/release-python-poetry.yaml@479996126a091287dc3fd349786f6f8a6dd1b23c # v0.42.0 secrets: RABE_PYPI_TOKEN: ${{ secrets.RABE_PYPI_TOKEN }} diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml index f7fb14c..00510bd 100644 --- a/.github/workflows/semantic-release.yaml +++ b/.github/workflows/semantic-release.yaml @@ -7,6 +7,6 @@ on: jobs: call-workflow: - uses: radiorabe/actions/.github/workflows/semantic-release.yaml@c7aef9928f610ec51b44f84debf2321189276d54 # v0.41.3 + uses: radiorabe/actions/.github/workflows/semantic-release.yaml@479996126a091287dc3fd349786f6f8a6dd1b23c # v0.42.0 secrets: RABE_ITREAKTION_GITHUB_TOKEN: ${{ secrets.RABE_ITREAKTION_GITHUB_TOKEN }} From 2dcc770081c87a70c262b9037e26fe36f6fb4e90 Mon Sep 17 00:00:00 2001 From: Lucas <116588+hairmare@users.noreply.github.com> Date: Wed, 8 Apr 2026 20:13:25 +0200 Subject: [PATCH 2/2] chore(ci): add zizmor Added GitHub Actions step for security event publishing. --- .github/workflows/lint-and-test.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/lint-and-test.yaml b/.github/workflows/lint-and-test.yaml index ef67b80..5f79191 100644 --- a/.github/workflows/lint-and-test.yaml +++ b/.github/workflows/lint-and-test.yaml @@ -12,3 +12,8 @@ jobs: uses: radiorabe/actions/.github/workflows/test-pre-commit.yaml@479996126a091287dc3fd349786f6f8a6dd1b23c # v0.42.0 pytest: uses: radiorabe/actions/.github/workflows/test-python-poetry.yaml@479996126a091287dc3fd349786f6f8a6dd1b23c # v0.42.0 + github-actions: + permissions: + contents: read + security-events: write # so zizmor can publish results to the Security tab + uses: radiorabe/actions/.github/workflows/test-github-actions.yaml@479996126a091287dc3fd349786f6f8a6dd1b23c # v0.42.0