Repomix

name: Ratchet update on: schedule: - cron: '0 0 * * 1' # Every Monday at midnight UTC workflow_dispatch: # Allow manual trigger jobs: update: runs-on: ubuntu-latest permissions: contents: write pull-requests: write steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 with: token: ${{ secrets.GITHUB_TOKEN }} - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # ratchet:actions/setup-go@v5 with: go-version: stable - name: Install ratchet run: | go install github.com/sethvargo/ratchet@v0.11.3 ratchet --version - name: Update pinned SHAs run: | ratchet update ".github/workflows/"*.yml - name: Check for changes id: changes run: | if git diff --quiet; then echo "has_changes=false" >> "$GITHUB_OUTPUT" else echo "has_changes=true" >> "$GITHUB_OUTPUT" fi - name: Create Pull Request if: steps.changes.outputs.has_changes == 'true' uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # ratchet:peter-evans/create-pull-request@v7 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: 'chore(ci): Update pinned GitHub Actions SHAs' title: 'chore(ci): Update pinned GitHub Actions SHAs' body: | ## Summary - Updated pinned GitHub Actions SHAs using ratchet ## Changes This PR contains automated updates to the pinned SHAs in GitHub Actions workflows to ensure we're using the latest versions while maintaining security through SHA pinning. ## Checklist - [x] Run `npm run test` - [x] Run `npm run lint` branch: chore/update-actions-shas delete-branch: true