Compare commits

...

8 Commits

Author SHA1 Message Date
JonKazama-Hellion dfe44fdf3b Merge pull request 'Update actions/checkout action to v6' (#4) from renovate/actions-checkout-6.x into main
Reviewed-on: #4
2026-05-12 14:43:30 +00:00
renovate-bot f5c6828302 Update actions/checkout action to v6 2026-05-12 14:43:17 +00:00
JonKazama-Hellion 54301ecdf6 Merge pull request 'Update actions/setup-python action to v6' (#5) from renovate/actions-setup-python-6.x into main
Reviewed-on: #5
2026-05-12 14:42:53 +00:00
renovate-bot ef287c8868 Update actions/setup-python action to v6 2026-05-12 12:34:06 +00:00
JonKazama-Hellion 6274df8e48 Merge pull request 'Configure Renovate' (#3) from renovate/configure into main
Reviewed-on: #3
2026-05-12 07:05:22 +00:00
renovate-bot c9c318c092 Add renovate.json 2026-05-12 06:34:48 +00:00
JonKazama-Hellion 7cbc8fcccc Merge pull request 'fix(scan): pin Trivy to v0.70.0 (avoid GitHub rate-limit)' (#2) from fix/pin-trivy-version into main
Reviewed-on: #2
2026-05-12 00:13:43 +00:00
renovate-bot 27a469b169 fix(scan): pin Trivy to v0.70.0 to avoid GitHub rate-limit
The trivy install script otherwise queries api.github.com unauthenticated
for the latest release tag. Self-hosted runners hit rate-limit quickly
when multiple workflows run in succession, leading to empty version
resolution and install failures.

Version pinned with renovate annotation so updates flow through Renovate.
2026-05-12 00:12:13 +00:00
2 changed files with 15 additions and 3 deletions
+9 -3
@@ -34,10 +34,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@v6
with:
python-version: '3.x'
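Review bot: both `uses:` lines in this hunk reference a mutable major tag (`actions/checkout@v6`, `actions/setup-python@v6`), so whatever the tag points to at run time is what executes in the scan job. Consider pinning each to the full commit SHA with the version in a trailing comment; Renovate can keep those digests current (the `helpers:pinGitHubActionDigests` preset does this). Separately, checkout moves two majors (v4 to v6) in one step, and the workflow comment further down says this runs on self-hosted Gitea Actions, so confirm the runner supports what the new majors require.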
@@ -49,7 +49,13 @@ jobs:
# trivy-action wrapper does nested checkouts and auth-juggling that
# does not play well with Self-Hosted Gitea Actions, this is more
# robust and a smaller surface.
run: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin
#
# Version pinned: the install script otherwise hits api.github.com to
# resolve "latest", which is unauthenticated and burns through the
# self-hosted runner's GitHub rate-limit on each push. Pinning skips
# the API call entirely. Renovate-bot keeps the version current:
# renovate: datasource=github-releases depName=aquasecurity/trivy
run: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.70.0
- name: Run Semgrep SAST
# --config=auto pulls language-appropriate rule packs from semgrep.dev
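Review bot: the new `run:` line pins the Trivy binary to `v0.70.0` but still fetches `install.sh` from the `main` branch and pipes it to `sudo sh`, so the script that runs as root on the runner can change with any push to that branch. Fetch the script from the same tag as the binary (the `v0.70.0` ref instead of `main` in the raw URL), or download the release archive directly and verify its published checksum before installing. If the script ref is pinned too, the Renovate annotation has to cover both occurrences of the version so they move together.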
+6
@@ -0,0 +1,6 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
]
}
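Review bot: `extends` contains only `config:recommended` and the file defines no custom manager, so as far as I can tell nothing reads the `# renovate: datasource=github-releases depName=aquasecurity/trivy` annotation in the workflow, and the `v0.70.0` pin at the end of the `run:` line will not receive update PRs. Add a `customManagers` regex entry that matches that comment and the version that follows it, or state in the workflow comment that the Trivy version is bumped by hand.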