diff --git a/.github/renovate.json5 b/.github/renovate.json5 index ef425df96..b8278a48d 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -80,5 +80,10 @@ groupName: 'CI dependencies', automerge: true, }, + /** For security reason don't takes the too early packages on stabilization branches */ + { + matchBaseBranches: ['/^[0-9]+\\.[0-9]+$/', '/release_.*/'], + minimumReleaseAge: '7 days', + }, ], } diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml index 4d030b447..1fc7abb35 100644 --- a/.github/workflows/audit.yaml +++ b/.github/workflows/audit.yaml @@ -63,8 +63,3 @@ jobs: uses: andstor/file-existence-action@v3 with: files: ci/dpkg-versions.yaml - - name: Update dpkg packages versions - run: ~/.venv/bin/c2cciutils-docker-versions-update --branch=${{ matrix.branch }} - env: - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - if: steps.dpkg-versions.outputs.files_exists == 'true' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1b34bd9b2..6c21ef2b5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -98,11 +98,7 @@ repos: hooks: - id: jsonschema-validator files: ^ci/config\.yaml$ -ci: - autoupdate_schedule: quarterly - skip: - - copyright - - poetry-check - - poetry-lock - - ripsecrets - - jsonschema-validator + - repo: https://github.com/renovatebot/pre-commit-hooks + rev: 37.428.1 + hooks: + - id: renovate-config-validator