├── .github ├── FUNDING.yml └── workflows │ ├── actionlint.yaml │ ├── autofix.yaml │ ├── check-commit-signing.yaml │ ├── test.yaml │ ├── wc-ghalint.yaml │ ├── wc-renovate-config-validator.yaml │ ├── wc-test.yaml │ └── workflow_call_test.yaml ├── LICENSE ├── README.md ├── action.yaml ├── aqua ├── aqua-checksums.json ├── aqua.yaml └── imports │ ├── actionlint.yaml │ ├── cmdx.yaml │ ├── ghalint.yaml │ ├── pinact.yaml │ └── reviewdog.yaml └── renovate.json5 /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository 2 | github: 3 | - suzuki-shunsuke 4 | -------------------------------------------------------------------------------- /.github/workflows/actionlint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: actionlint 3 | on: pull_request 4 | permissions: {} 5 | jobs: 6 | actionlint: 7 | runs-on: ubuntu-24.04 8 | if: failure() 9 | timeout-minutes: 10 10 | permissions: {} 11 | needs: 12 | - main 13 | steps: 14 | - run: exit 1 15 | main: 16 | uses: suzuki-shunsuke/actionlint-workflow/.github/workflows/actionlint.yaml@dbe6151b36d408b24ca5c41a34291b2b6d1bff76 # v2.0.1 17 | permissions: 18 | pull-requests: write 19 | contents: read 20 | -------------------------------------------------------------------------------- /.github/workflows/autofix.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: autofix.ci 3 | on: pull_request 4 | permissions: {} 5 | jobs: 6 | autofix: 7 | runs-on: ubuntu-24.04 8 | permissions: {} 9 | timeout-minutes: 15 10 | steps: 11 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 12 | with: 13 | persist-credentials: false 14 | - uses: aquaproj/aqua-installer@9ebf656952a20c45a5d66606f083ff34f58b8ce0 # v4.0.0 15 
| with: 16 | aqua_version: v2.51.2 17 | env: 18 | GITHUB_TOKEN: ${{github.token}} 19 | - run: aqua upc -prune 20 | - uses: suzuki-shunsuke/autofixci-action@a148ca710fd8bf5d9959d5d7604018ce8a77bad0 # v1.3.2-1 21 | -------------------------------------------------------------------------------- /.github/workflows/check-commit-signing.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Check if all commits are signed 3 | on: 4 | pull_request_target: 5 | branches: [main] 6 | concurrency: 7 | group: ${{ github.workflow }}--${{ github.head_ref }} # github.ref is unavailable in case of pull_request_target 8 | cancel-in-progress: true 9 | jobs: 10 | check-commit-signing: 11 | uses: suzuki-shunsuke/check-commit-signing-workflow/.github/workflows/check.yaml@547eee345f56310a656f271ec5eaa900af46b0fb # v0.1.0 12 | permissions: 13 | contents: read 14 | pull-requests: write 15 | -------------------------------------------------------------------------------- /.github/workflows/test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: test 3 | on: pull_request 4 | concurrency: 5 | group: ${{ github.workflow }}-${{ github.ref }} 6 | cancel-in-progress: true 7 | permissions: {} 8 | jobs: 9 | status-check: 10 | runs-on: ubuntu-24.04 11 | if: failure() 12 | timeout-minutes: 10 13 | permissions: {} 14 | needs: 15 | - test 16 | steps: 17 | - run: exit 1 18 | test: 19 | uses: ./.github/workflows/workflow_call_test.yaml 20 | permissions: 21 | contents: read 22 | -------------------------------------------------------------------------------- /.github/workflows/wc-ghalint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: ghalint 3 | on: workflow_call 4 | env: 5 | AQUA_LOG_COLOR: always 6 | jobs: 7 | ghalint: 8 | # Validate GitHub Actions Workflows by ghalint. 
9 | timeout-minutes: 30 10 | runs-on: ubuntu-latest 11 | permissions: {} 12 | steps: 13 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 14 | with: 15 | persist-credentials: false 16 | - uses: aquaproj/aqua-installer@9ebf656952a20c45a5d66606f083ff34f58b8ce0 # v4.0.0 17 | with: 18 | aqua_version: v2.51.2 19 | env: 20 | AQUA_GITHUB_TOKEN: ${{github.token}} 21 | - run: ghalint run 22 | env: 23 | GHALINT_LOG_COLOR: always 24 | AQUA_GITHUB_TOKEN: ${{github.token}} 25 | -------------------------------------------------------------------------------- /.github/workflows/wc-renovate-config-validator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: renovate-config-validator 3 | on: workflow_call 4 | jobs: 5 | renovate-config-validator: 6 | # Validate Renovate Configuration by renovate-config-validator. 7 | uses: suzuki-shunsuke/renovate-config-validator-workflow/.github/workflows/validate.yaml@e8effbd185cbe3874cddef63f48b8bdcfc9ada55 # v0.2.4 8 | permissions: 9 | contents: read 10 | -------------------------------------------------------------------------------- /.github/workflows/wc-test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: wc-test 3 | on: workflow_call 4 | 5 | jobs: 6 | test: 7 | timeout-minutes: 30 8 | runs-on: ubuntu-latest 9 | permissions: {} 10 | steps: 11 | - name: Checkout 12 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 13 | with: 14 | persist-credentials: false 15 | - uses: ./ 16 | with: 17 | skip_push: true 18 | - uses: ./ 19 | with: 20 | github_token: ${{github.token}} 21 | -------------------------------------------------------------------------------- /.github/workflows/workflow_call_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: test (workflow_call) 3 | on: workflow_call 4 | permissions: {} 5 | jobs: 6 | path-filter: 7 | 
# Get changed files to filter jobs 8 | timeout-minutes: 10 9 | outputs: 10 | renovate-config-validator: ${{steps.changes.outputs.renovate-config-validator}} 11 | ghalint: ${{steps.changes.outputs.ghalint}} 12 | runs-on: ubuntu-latest 13 | permissions: {} 14 | steps: 15 | - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 16 | id: changes 17 | with: 18 | filters: | 19 | renovate-config-validator: 20 | - renovate.json5 21 | - .github/workflows/test.yaml 22 | - .github/workflows/wc-renovate-config-validator.yaml 23 | ghalint: 24 | - .github/workflows/*.yaml 25 | - aqua/aqua.yaml 26 | - aqua/imports/ghalint.yaml 27 | - ghalint.yaml 28 | 29 | renovate-config-validator: 30 | uses: ./.github/workflows/wc-renovate-config-validator.yaml 31 | needs: path-filter 32 | if: needs.path-filter.outputs.renovate-config-validator == 'true' 33 | permissions: 34 | contents: read 35 | 36 | ghalint: 37 | needs: path-filter 38 | if: needs.path-filter.outputs.ghalint == 'true' 39 | uses: ./.github/workflows/wc-ghalint.yaml 40 | permissions: {} 41 | 42 | test: 43 | uses: ./.github/workflows/wc-test.yaml 44 | needs: path-filter 45 | permissions: {} 46 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Shunsuke Suzuki 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the 
Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # pinact-action 2 | 3 | [![License](http://img.shields.io/badge/license-mit-blue.svg?style=flat-square)](https://raw.githubusercontent.com/suzuki-shunsuke/pinact-action/main/LICENSE) | [action.yaml](action.yaml) 4 | 5 | pinact-action is a GitHub Action that pins GitHub Actions and reusable workflows with [pinact](https://github.com/suzuki-shunsuke/pinact). 6 | This action fixes files whose paths match `\.github/workflows/[^/]+\.ya?ml$` or `^(.*/)?action\.ya?ml?` and pushes a commit to a remote branch. 7 | 8 | ![image](https://github.com/suzuki-shunsuke/pinact-action/assets/13323303/dd301d04-152c-49ac-bdf3-dbf8293b376f) 9 | 10 | ![image](https://github.com/suzuki-shunsuke/pinact-action/assets/13323303/bcc1de57-0893-4536-b4bb-db2c9ed34231) 11 | 12 | If you don't want to push a commit, this action can instead only validate files. 13 | In this case, CI fails if actions aren't pinned. 
14 | 15 | ![image](https://github.com/suzuki-shunsuke/pinact-action/assets/13323303/fc3ba9c1-561e-4bfe-8c73-5874bbcae69c) 16 | 17 | ## GitHub Access Token 18 | 19 | You can use any of the following tokens: 20 | 21 | - :thumbsup: GitHub App Installation access token: We recommend this 22 | - :thumbsdown: GitHub Personal Access Token: This can't create verified commits 23 | - :thumbsdown: `${{secrets.GITHUB_TOKEN}}`: This can't trigger new workflow runs. 24 | 25 | https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow 26 | 27 | > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. 28 | 29 | ### Required permissions 30 | 31 | `contents:write` is required. 32 | Furthermore, if you want to fix workflow files, `workflows:write` is also required. `${{github.token}}` cannot be granted this permission, so fixing workflow files requires a GitHub App token or a Personal Access Token. 33 | If private actions are used, the `contents:read` permission on those repositories is also required. 34 | 35 | ## How To Use 36 | 37 | All inputs are optional. 38 | 39 | ```yaml 40 | name: Pinact 41 | on: 42 | pull_request: {} 43 | jobs: 44 | pinact: 45 | runs-on: ubuntu-24.04 46 | steps: 47 | - name: Checkout 48 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 49 | with: 50 | persist-credentials: false 51 | 52 | - name: Pin actions 53 | uses: suzuki-shunsuke/pinact-action@d735505f3decf76fca3fdbb4c952e5b3eba0ffdd # v0.1.2 54 | ``` 55 | 56 | By default, this action uses `${{github.token}}` to create a commit. 57 | However, we recommend a GitHub App, because `${{github.token}}` doesn't trigger a new workflow run. 58 | 59 | You can create a GitHub App installation access token and pass it to pinact-action yourself, or you can pass a GitHub App ID and its private key instead. 
60 | Then pinact-action creates a GitHub App installation access token with minimum `repositories` and `permissions`. 61 | 62 | ```yaml 63 | - uses: suzuki-shunsuke/pinact-action@d735505f3decf76fca3fdbb4c952e5b3eba0ffdd # v0.1.2 64 | with: 65 | app_id: ${{secrets.APP_ID}} 66 | app_private_key: ${{secrets.APP_PRIVATE_KEY}} 67 | ``` 68 | 69 | ### skip_push 70 | 71 | If you don't want to push a commit, this action can also only validate files. 72 | In this case, if actions aren't pinned CI fails. 73 | 74 | ```yaml 75 | - uses: suzuki-shunsuke/pinact-action@d735505f3decf76fca3fdbb4c952e5b3eba0ffdd # v0.1.2 76 | with: 77 | skip_push: "true" 78 | ``` 79 | -------------------------------------------------------------------------------- /action.yaml: -------------------------------------------------------------------------------- 1 | name: pinact 2 | description: Pin GitHub Actions and reusable workflows by pinact 3 | author: Shunsuke Suzuki 4 | branding: 5 | icon: git-commit 6 | color: blue 7 | inputs: 8 | github_token: 9 | description: | 10 | GitHub Access Token 11 | contents:write - Push commits 12 | required: false 13 | app_id: 14 | description: | 15 | GitHub App ID 16 | required: false 17 | app_private_key: 18 | description: | 19 | GitHub App Private Key 20 | required: false 21 | skip_push: 22 | required: false 23 | description: | 24 | Skip pushing a commit 25 | default: "false" 26 | runs: 27 | using: composite 28 | steps: 29 | # Install pinact by aqua 30 | - shell: bash 31 | id: pinact_installed 32 | run: | 33 | if command -v pinact; then 34 | echo "value=true" >> "$GITHUB_OUTPUT" 35 | exit 0 36 | fi 37 | echo "value=false" >> "$GITHUB_OUTPUT" 38 | 39 | - run: echo "value=$GITHUB_ACTION_PATH/aqua/aqua.yaml" >> "$GITHUB_OUTPUT" 40 | id: aqua_config 41 | if: steps.pinact_installed.outputs.value == 'false' 42 | shell: bash 43 | - uses: aquaproj/aqua-installer@9ebf656952a20c45a5d66606f083ff34f58b8ce0 # v4.0.0 44 | if: steps.pinact_installed.outputs.value == 'false' 45 | 
with: 46 | aqua_version: v2.51.2 47 | skip_install_aqua: "true" 48 | env: 49 | AQUA_CONFIG: ${{steps.aqua_config.outputs.value}} 50 | 51 | - shell: bash 52 | run: pinact -v 53 | env: 54 | AQUA_GLOBAL_CONFIG: ${{env.AQUA_GLOBAL_CONFIG}}:${{steps.aqua_config.outputs.value}} 55 | - shell: bash 56 | id: files 57 | run: | 58 | tempfile=$(mktemp) 59 | git ls-files | grep -E '\.github/workflows/[^/]+\.ya?ml$' > "$tempfile" 60 | git ls-files | grep -E '^(.*/)?action\.ya?ml?' >> "$tempfile" || true 61 | { 62 | echo 'value<> "$GITHUB_OUTPUT" 66 | 67 | - shell: bash 68 | run: | 69 | set -euo pipefail 70 | if ! (echo "$FILES" | xargs -r pinact run --check); then 71 | echo "::error:: GitHub Actions aren't pinned." 72 | exit 1 73 | fi 74 | if: fromJSON(inputs.skip_push) 75 | env: 76 | FILES: ${{ steps.files.outputs.value }} 77 | AQUA_GLOBAL_CONFIG: ${{env.AQUA_GLOBAL_CONFIG}}:${{steps.aqua_config.outputs.value}} 78 | 79 | - shell: bash 80 | id: pinact 81 | if: | 82 | ! fromJSON(inputs.skip_push) 83 | env: 84 | FILES: ${{ steps.files.outputs.value }} 85 | AQUA_GLOBAL_CONFIG: ${{env.AQUA_GLOBAL_CONFIG}}:${{steps.aqua_config.outputs.value}} 86 | run: | 87 | if ! (echo "$FILES" | xargs -r pinact run); then 88 | echo "::error:: pinact run failed" 89 | echo "failed=true" >> "$GITHUB_OUTPUT" 90 | fi 91 | 92 | - shell: bash 93 | id: check_changed 94 | if: | 95 | ! fromJSON(inputs.skip_push) 96 | env: 97 | FILES: ${{ steps.files.outputs.value }} 98 | run: | 99 | set -euo pipefail 100 | if echo "$FILES" | xargs -r git diff --exit-code; then 101 | echo "::notice:: No changes" >&2 102 | echo "value=false" >> "$GITHUB_OUTPUT" 103 | else 104 | echo "value=true" >> "$GITHUB_OUTPUT" 105 | fi 106 | 107 | - shell: bash 108 | if: | 109 | ! fromJSON(inputs.skip_push) && steps.check_changed.outputs.value == 'true' 110 | run: | 111 | echo "::error:: GitHub Actions aren't pinned. A commit is pushed automatically to pin GitHub Actions." 
112 | 113 | - uses: suzuki-shunsuke/commit-action@cc96d3a3fd959d05e9b79ca395eb30b835aeba24 # v0.0.7 114 | if: | 115 | ! fromJSON(inputs.skip_push) && steps.check_changed.outputs.value == 'true' 116 | with: 117 | files: ${{ steps.files.outputs.value }} 118 | github_token: ${{inputs.github_token}} 119 | app_id: ${{inputs.app_id}} 120 | app_private_key: ${{inputs.app_private_key}} 121 | commit_message: "chore(pinact): pin GitHub Actions" 122 | 123 | - shell: bash 124 | if: | 125 | steps.pinact.outputs.failed == 'true' 126 | run: | 127 | echo "pinact run failed" 128 | exit 1 129 | -------------------------------------------------------------------------------- /aqua/aqua-checksums.json: -------------------------------------------------------------------------------- 1 | { 2 | "checksums": [ 3 | { 4 | "id": "github_release/github.com/reviewdog/reviewdog/v0.20.3/reviewdog_0.20.3_Darwin_arm64.tar.gz", 5 | "checksum": "A7FBF41913CE5B6F1872D10C136139B7A849190F4F1F0DC1ED4BF74C636F22A2", 6 | "algorithm": "sha256" 7 | }, 8 | { 9 | "id": "github_release/github.com/reviewdog/reviewdog/v0.20.3/reviewdog_0.20.3_Darwin_x86_64.tar.gz", 10 | "checksum": "056DD0F43ECCB8651FB976B43AA91A1D34B2A0C3934F216997774A7CBC1F7EB1", 11 | "algorithm": "sha256" 12 | }, 13 | { 14 | "id": "github_release/github.com/reviewdog/reviewdog/v0.20.3/reviewdog_0.20.3_Linux_arm64.tar.gz", 15 | "checksum": "BD0C4045B8F367F1CA6C0E7CFD80189CCD2A8CEAA22034ECBAD4AF0ACB3A3B82", 16 | "algorithm": "sha256" 17 | }, 18 | { 19 | "id": "github_release/github.com/reviewdog/reviewdog/v0.20.3/reviewdog_0.20.3_Linux_x86_64.tar.gz", 20 | "checksum": "2C634DBC00BD4A86E4D4C47029D2AF9185FAB06643A9DF0AE10E7C4D644781B6", 21 | "algorithm": "sha256" 22 | }, 23 | { 24 | "id": "github_release/github.com/reviewdog/reviewdog/v0.20.3/reviewdog_0.20.3_Windows_arm64.tar.gz", 25 | "checksum": "2DFD2C151AFF8B7D2DFDFC44FB47706667806AEA92F4F8238932BB89A0461D4A", 26 | "algorithm": "sha256" 27 | }, 28 | { 29 | "id": 
"github_release/github.com/reviewdog/reviewdog/v0.20.3/reviewdog_0.20.3_Windows_x86_64.tar.gz", 30 | "checksum": "068726CA98BBEB5E47378AB0B630133741E17BA1FEB5654A24EC5E604446EDEF", 31 | "algorithm": "sha256" 32 | }, 33 | { 34 | "id": "github_release/github.com/rhysd/actionlint/v1.7.7/actionlint_1.7.7_darwin_amd64.tar.gz", 35 | "checksum": "28E5DE5A05FC558474F638323D736D822FFF183D2D492F0AECB2B73CC44584F5", 36 | "algorithm": "sha256" 37 | }, 38 | { 39 | "id": "github_release/github.com/rhysd/actionlint/v1.7.7/actionlint_1.7.7_darwin_arm64.tar.gz", 40 | "checksum": "2693315B9093AEACB4EBD91A993FEA54FC215057BF0DA2659056B4BC033873DB", 41 | "algorithm": "sha256" 42 | }, 43 | { 44 | "id": "github_release/github.com/rhysd/actionlint/v1.7.7/actionlint_1.7.7_linux_amd64.tar.gz", 45 | "checksum": "023070A287CD8CCCD71515FEDC843F1985BF96C436B7EFFAECCE67290E7E0757", 46 | "algorithm": "sha256" 47 | }, 48 | { 49 | "id": "github_release/github.com/rhysd/actionlint/v1.7.7/actionlint_1.7.7_linux_arm64.tar.gz", 50 | "checksum": "401942F9C24ED71E4FE71B76C7D638F66D8633575C4016EFD2977CE7C28317D0", 51 | "algorithm": "sha256" 52 | }, 53 | { 54 | "id": "github_release/github.com/rhysd/actionlint/v1.7.7/actionlint_1.7.7_windows_amd64.zip", 55 | "checksum": "7F12F1801BCA3D480D67AAF7774F4C2A6359A3CA8EEBE382C95C10C9704AA731", 56 | "algorithm": "sha256" 57 | }, 58 | { 59 | "id": "github_release/github.com/rhysd/actionlint/v1.7.7/actionlint_1.7.7_windows_arm64.zip", 60 | "checksum": "76E9514CFAC18E5677AA04F3A89873C981F16A2F2353BB97372A86CD09B1F5A8", 61 | "algorithm": "sha256" 62 | }, 63 | { 64 | "id": "github_release/github.com/suzuki-shunsuke/cmdx/v2.0.1/cmdx_darwin_amd64.tar.gz", 65 | "checksum": "C7533B3D95241A4E7DE61C7240892DE19DBAAFD26EF44AD8020BC5000E24594D", 66 | "algorithm": "sha256" 67 | }, 68 | { 69 | "id": "github_release/github.com/suzuki-shunsuke/cmdx/v2.0.1/cmdx_darwin_arm64.tar.gz", 70 | "checksum": "141AD7EB4E3410864FD1D5D3E2920BC6C6163CE5B663A872283B0F58CFEA331F", 71 | 
"algorithm": "sha256" 72 | }, 73 | { 74 | "id": "github_release/github.com/suzuki-shunsuke/cmdx/v2.0.1/cmdx_linux_amd64.tar.gz", 75 | "checksum": "8DC530324176C3703C97E4FE355AF7ED82D4E6341219063856FD0A1594C6CC4B", 76 | "algorithm": "sha256" 77 | }, 78 | { 79 | "id": "github_release/github.com/suzuki-shunsuke/cmdx/v2.0.1/cmdx_linux_arm64.tar.gz", 80 | "checksum": "8AA707E58144DD29CBC5A02EEE62842A0F54964F7CF6118B513A2FEAE1811C74", 81 | "algorithm": "sha256" 82 | }, 83 | { 84 | "id": "github_release/github.com/suzuki-shunsuke/cmdx/v2.0.1/cmdx_windows_amd64.zip", 85 | "checksum": "26BF4BAA495AF54456BACF5A16416AD5B6C756F5661ABD56E73C08CBCEAD65FE", 86 | "algorithm": "sha256" 87 | }, 88 | { 89 | "id": "github_release/github.com/suzuki-shunsuke/cmdx/v2.0.1/cmdx_windows_arm64.zip", 90 | "checksum": "4BB8F4F65EDCE1D3AAE86168075B2E2CD3377E9A72E5D5F51EE097BFABE5DEE2", 91 | "algorithm": "sha256" 92 | }, 93 | { 94 | "id": "github_release/github.com/suzuki-shunsuke/ghalint/v1.4.1/ghalint_1.4.1_darwin_amd64.tar.gz", 95 | "checksum": "AD0D5893D9A4B38F6F8D35DC003A2BEEA63FA2EA48FF91DDD301773AB5711B21", 96 | "algorithm": "sha256" 97 | }, 98 | { 99 | "id": "github_release/github.com/suzuki-shunsuke/ghalint/v1.4.1/ghalint_1.4.1_darwin_arm64.tar.gz", 100 | "checksum": "70DC52A85C207FCB40F1CDBA5F097CCEF7564C5D217E48C60541743CFC15239B", 101 | "algorithm": "sha256" 102 | }, 103 | { 104 | "id": "github_release/github.com/suzuki-shunsuke/ghalint/v1.4.1/ghalint_1.4.1_linux_amd64.tar.gz", 105 | "checksum": "6A8EAA2568FA1FED64D63CCDD4538C3E329B873A7D78F49D207E9FA2FA6A65BB", 106 | "algorithm": "sha256" 107 | }, 108 | { 109 | "id": "github_release/github.com/suzuki-shunsuke/ghalint/v1.4.1/ghalint_1.4.1_linux_arm64.tar.gz", 110 | "checksum": "1417F9B7CE201C69A959BD5E7DA56BFE4128D8C5333EEDB94038B731CA30A12C", 111 | "algorithm": "sha256" 112 | }, 113 | { 114 | "id": "github_release/github.com/suzuki-shunsuke/ghalint/v1.4.1/ghalint_1.4.1_windows_amd64.zip", 115 | "checksum": 
"3C1EB280BDE931AD793A732B32C802D54C6DF418502A55393D9DC8573282259E", 116 | "algorithm": "sha256" 117 | }, 118 | { 119 | "id": "github_release/github.com/suzuki-shunsuke/ghalint/v1.4.1/ghalint_1.4.1_windows_arm64.zip", 120 | "checksum": "0802008325A617634398E0D73BB240F75551B4859769D045E6A91ECC9D85B1AE", 121 | "algorithm": "sha256" 122 | }, 123 | { 124 | "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.1.2/pinact_darwin_amd64.tar.gz", 125 | "checksum": "BCCA1DC1F0FAB2AA4FA0F17A0E4092C0F1661C802B6F5857BBE1F803D927D3B5", 126 | "algorithm": "sha256" 127 | }, 128 | { 129 | "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.1.2/pinact_darwin_arm64.tar.gz", 130 | "checksum": "8DAE815BE50D0FB5832C27F9564BCA2B91653B045EBD165C881AB95D8BF2DF4C", 131 | "algorithm": "sha256" 132 | }, 133 | { 134 | "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.1.2/pinact_linux_amd64.tar.gz", 135 | "checksum": "527800D3EA35AEC5CFF601CB014C01EB42C6098A269B05D8937025EC121F1B77", 136 | "algorithm": "sha256" 137 | }, 138 | { 139 | "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.1.2/pinact_linux_arm64.tar.gz", 140 | "checksum": "73D5B05E54680A936ACEFABC5C98CA42C0BC282D83BEB4ECD879904FD580ACF9", 141 | "algorithm": "sha256" 142 | }, 143 | { 144 | "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.1.2/pinact_windows_amd64.zip", 145 | "checksum": "892F930B0EDE87A86E0B728BC4A0F53C26AC9BB3BD3FF78E06A4F3CB28134FE2", 146 | "algorithm": "sha256" 147 | }, 148 | { 149 | "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.1.2/pinact_windows_arm64.zip", 150 | "checksum": "9CE33159DAC283057BC0EFFC12D58BF993D0139EE9895C96D07D77224AE217AD", 151 | "algorithm": "sha256" 152 | }, 153 | { 154 | "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.374.0/registry.yaml", 155 | "checksum": "619BDA08E2B9259FEFE5DF052EBB1FEDABE96C58CCC41444938FFA3F3EEB5828456A80CF1859695E37B4F74CD1A45C5AC516C82DFE5752D010AADE352EB222E0", 156 | "algorithm": "sha512" 157 | } 
158 | ] 159 | } 160 | -------------------------------------------------------------------------------- /aqua/aqua.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # aqua - Declarative CLI Version Manager 3 | # https://aquaproj.github.io/ 4 | checksum: 5 | enabled: true 6 | require_checksum: true 7 | registries: 8 | - type: standard 9 | ref: v4.374.0 # renovate: depName=aquaproj/aqua-registry 10 | packages: 11 | - import: imports/*.yaml 12 | -------------------------------------------------------------------------------- /aqua/imports/actionlint.yaml: -------------------------------------------------------------------------------- 1 | packages: 2 | - name: rhysd/actionlint@v1.7.7 3 | -------------------------------------------------------------------------------- /aqua/imports/cmdx.yaml: -------------------------------------------------------------------------------- 1 | packages: 2 | - name: suzuki-shunsuke/cmdx@v2.0.1 3 | -------------------------------------------------------------------------------- /aqua/imports/ghalint.yaml: -------------------------------------------------------------------------------- 1 | packages: 2 | - name: suzuki-shunsuke/ghalint@v1.4.1 3 | -------------------------------------------------------------------------------- /aqua/imports/pinact.yaml: -------------------------------------------------------------------------------- 1 | packages: 2 | - name: suzuki-shunsuke/pinact@v3.1.2 3 | -------------------------------------------------------------------------------- /aqua/imports/reviewdog.yaml: -------------------------------------------------------------------------------- 1 | packages: 2 | - name: reviewdog/reviewdog@v0.20.3 3 | -------------------------------------------------------------------------------- /renovate.json5: -------------------------------------------------------------------------------- 1 | { 2 | extends: [ 3 | 'config:recommended', 4 | 
'github>suzuki-shunsuke/renovate-config#3.2.1', 5 | 'github>aquaproj/aqua-renovate-config#2.8.1', 6 | 'github>suzuki-shunsuke/renovate-config:nolimit#3.2.1', 7 | 'github>aquaproj/aqua-renovate-config:file#2.8.1(aqua/imports/.*\\.ya?ml)', 8 | ], 9 | } 10 | --------------------------------------------------------------------------------