mdbook/.github/workflows/update-dependencies.yml
Tobias Bieniek 2ab29ef789
CI: Pin GitHub Actions to commit SHAs
This pins all third-party actions to immutable commit SHAs, with the
resolved version tag in a trailing comment. This prevents upstream
tags from silently changing under us.

- actions/checkout → v6.0.2 (bumped from v5 to reduce `artipacked`
  severity: v6 no longer stores credentials in `.git/config`)
- actions/setup-node → v6.3.0
- rust-lang/crates-io-auth-action → v1.0.4

See https://docs.zizmor.sh/audits/#unpinned-uses
2026-04-10 14:35:42 +02:00

21 lines
604 B
YAML

name: Update dependencies
on:
  schedule:
    - cron: '0 0 1 * *'
  workflow_dispatch:
jobs:
  update:
    name: Update dependencies
    runs-on: ubuntu-latest
    if: github.repository == 'rust-lang/mdBook'
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install Rust
        run: bash ci/install-rust.sh stable x86_64-unknown-linux-gnu
      - name: Install cargo-edit
        run: cargo install cargo-edit --locked
      - name: Update dependencies
        run: ci/update-dependencies.sh
        env:
          GH_TOKEN: ${{ github.token }}