chore(deps): update actions/checkout action to v6.0.1

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [appleboy/ssh-action](https://github.com/appleboy/ssh-action) | action | patch | `v1.2.3` -> `v1.2.4` |

---

### Release Notes

<details>
<summary>appleboy/ssh-action (appleboy/ssh-action)</summary>

### [`v1.2.4`](https://github.com/appleboy/ssh-action/releases/tag/v1.2.4)

[Compare Source](https://github.com/appleboy/ssh-action/compare/v1.2.3...v1.2.4)

##### Changelog

##### Enhancements

- [`4e3535e`](4e3535e14e): chore: bump default DRONE\_SSH\_VERSION to 1.8.2 ([@&#8203;appleboy](https://github.com/appleboy))

##### Build process updates

- [`823bd89`](823bd89e13): ci: trigger GitHub Actions workflows only on version tags ([@&#8203;appleboy](https://github.com/appleboy))

##### Documentation updates

- [`652a0be`](652a0bee3c): docs: update CI documentation and workflow references ([@&#8203;appleboy](https://github.com/appleboy))
- [`f6208e0`](f6208e096d): docs: document and demonstrate capturing and using command output ([@&#8203;appleboy](https://github.com/appleboy))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4yNi44IiwidXBkYXRlZEluVmVyIjoiNDIuMjYuOCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidHlwZS9kZXBlbmRlbmNpZXMiXX0=-->

Reviewed-on: #49
Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk>
Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>

.gitea/workflows/build-push-docker.yml

@@ -43,7 +43,7 @@ jobs:
           REPO: ${{ gitea.repository }}
 
       - name: Check out repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
           ref: ${{ inputs.release }}

.gitea/workflows/changelog.yaml

@@ -0,0 +1,67 @@
+name: Get Changelog
+on:
+  workflow_call:
+    outputs:
+      release_name:
+        description: "Name of the created release"
+        value: ${{ jobs.get_next_release.outputs.release_name }}
+      changelog:
+        description: "Release changelog"
+        value: ${{ jobs.get_next_release.outputs.clean_changelog }}
+
+jobs:
+  get_next_release:
+    name: Get Next Release
+    runs-on: ubuntu-latest
+    outputs:
+      release_name: ${{ steps.get_next_version.outputs.tag }}
+    #   changelog: ${{ steps.get_next_version.outputs.changelog }}
+      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v6.0.1
+        with:
+          fetch-depth: 0
+
+      - name: Changes since last tag
+        id: changes
+        run: |
+          rm -f .changes
+          git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes
+          cat .changes
+
+      - name: Check for changes
+        run: |
+          if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then
+            echo "changes=false"
+            echo "changes=false" >> "$GITEA_OUTPUT"
+          else
+            echo "changes=true"
+            echo "changes=true" >> "$GITEA_OUTPUT"
+          fi
+
+      - name: Cancel if no changes
+        if: steps.changes.outputs.changes == 'false'
+        run: exit 1
+
+      - name: Set server URL
+        id: set_srvurl
+        run: |
+          SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/')
+          echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT"
+
+      - name: Get next version
+        uses: TriPSs/conventional-changelog-action@v6
+        id: get_next_version
+        with:
+          git-url: ${{ steps.set_srvurl.outputs.srvurl }}
+          github-token: ${{ gitea.token }}
+          preset: "conventionalcommits"
+          # preset: "angular"  # This is the default
+          skip-commit: true
+          release-count: 1
+          output-file: false
+          create-summary: true
+          skip-on-empty: true
+          skip-version-file: true
+          skip-tag: true

.gitea/workflows/ci-docker.yml

@@ -12,11 +12,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.3.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -24,7 +24,7 @@ jobs:
           no-fail: true
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-poetry-with-docker.yml

@@ -20,11 +20,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.3.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -32,7 +32,7 @@ jobs:
           no-fail: true
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ inputs.python-version }}"
 
@@ -66,7 +66,7 @@ jobs:
           sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-poetry.yml

@@ -20,12 +20,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ inputs.python-version }}"
 
@@ -57,7 +57,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-uv-with-docker.yml

@@ -7,6 +7,8 @@ on:
         default: "3.11"
         description: "Version of Python to use for testing environment"
     secrets:
+      SONAR_HOST_URL:
+        required: false
       SONAR_TOKEN:
         required: true
       SNYK_TOKEN:
@@ -17,12 +19,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
       - name: Run Hadolint
-        uses: hadolint/hadolint-action@v3.1.0
+        uses: hadolint/hadolint-action@v3.3.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -30,7 +32,7 @@ jobs:
           no-fail: true
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ vars.PYTHON_VERSION }}"
 
@@ -60,9 +62,10 @@ jobs:
       - name: Minimize uv cache
         run: uv cache prune --ci
 
-      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
       - name: Snyk Vulnerability Scan

.gitea/workflows/ci-python-with-docker.yml

@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.3.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -29,7 +29,7 @@ jobs:
           no-fail: true
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ inputs.python-version }}"
 
@@ -58,7 +58,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python.yml

@@ -17,12 +17,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ inputs.python-version }}"
 
@@ -51,7 +51,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/conventional-commit.yml

@@ -12,6 +12,6 @@ jobs:
     name: Validate PR Title
     runs-on: ubuntu-latest
     steps:
-      - uses: https://git.tainton.uk/actions/conventional-commits-check-action@v1.2.3
+      - uses: http://${{ vars.PACKAGES_REGISTRY_URL }}/actions/conventional-commits-check-action@v1.2.3
         with:
           commit-message: ${{ inputs.commit_message }}

.gitea/workflows/create-release-preexisting-tag.yaml

@@ -0,0 +1,24 @@
+name: Create Gitea Release Pre-Existing Tag
+on:
+  workflow_call:
+    inputs:
+      tag:
+        required: true
+      body:
+        required: false
+    secrets:
+      ACTIONS_TOKEN:
+        required: true
+
+jobs:
+  create_release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create release
+        uses: https://git.tainton.uk/actions/create-release-action@v1.1.0
+        with:
+          release_name: ${{ inputs.tag }}
+          tag: ${{ inputs.tag }}
+          body: ${{ inputs.body }}
+          token: ${{ secrets.ACTIONS_TOKEN }}

.gitea/workflows/create-release.yml

@@ -16,9 +16,10 @@ jobs:
     outputs:
       release_name: ${{ steps.get_next_version.outputs.tag }}
       changelog: ${{ steps.get_next_version.outputs.changelog }}
+      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
@@ -71,7 +72,7 @@ jobs:
     needs: get_next_release
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
@@ -80,4 +81,4 @@ jobs:
         with:
           release_name: ${{ needs.get_next_release.outputs.release_name }}
           tag: ${{ needs.get_next_release.outputs.release_name }}
-          body: ${{ needs.get_next_release.outputs.changelog }}
+          body: ${{ needs.get_next_release.outputs.clean_changelog }}

.gitea/workflows/docker-compose-deploy.yml

@@ -0,0 +1,96 @@
+name: Docker Compose Deploy Stack
+
+on:
+  workflow_call:
+    secrets:
+      DEPLOY_HOST:
+        required: true
+        type: string
+      DEPLOY_USERNAME:
+        required: true
+        type: string
+      DEPLOY_SSHKEY:
+        required: true
+        type: string
+      DEPLOY_PORT:
+        required: true
+        type: string
+      PUSHOVER_USER_TOKEN:
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:      
+      - name: "[ON RUNNER] Notify Build Start"
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
+        env:
+          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
+          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
+        with:
+          message: "Deploying stack ${{ gitea.repository }}"
+          title: 'Stack Deployment Started'
+          url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+          url_title: 'View Logs'
+
+      - name: "[ON RUNNER] Checkout the repo"
+        uses: actions/checkout@v6
+      
+      - name: "[ON RUNNER] Set project variables"
+        run: |
+          projectname="${{ gitea.event.repository.name }}"
+          echo "project_name=$projectname" >> $GITEA_ENV
+          echo "project_folder=/home/${{ secrets.DEPLOY_USERNAME }}/$projectname" >> $GITEA_ENV
+
+      - name: "[ON RUNNER] Create env file"
+        run: |
+          rm -f ".env"
+          touch ".env"
+          echo "$ALLVARS" | jq -r '. | to_entries[] | select(.key | startswith("DC_")) | .key + "=" + .value' >> ".env"
+          echo "$ALLSECRETS" | jq -r '. | to_entries[] | select(.key | startswith("DC_")) | .key + "=" + .value' >> ".env"
+        env:
+          ALLVARS: ${{ toJSON(vars) }}
+          ALLSECRETS: ${{ toJSON(secrets) }}
+      
+      - name: "[ON HOST] Make directory if not exists"
+        uses: appleboy/ssh-action@v1.2.4
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          key: ${{ secrets.DEPLOY_SSHKEY }}
+          port: ${{ secrets.DEPLOY_PORT }}
+          script: |
+            mkdir -p ${{ env.project_folder }}
+      
+      - name: "[ON HOST] SCP files to host"
+        uses: appleboy/scp-action@v1.0.0
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          port: ${{ secrets.DEPLOY_PORT }}
+          key: ${{ secrets.DEPLOY_SSHKEY }}
+          source: "./compose.yaml,./.env"
+          target: "${{ env.project_folder }}/"
+      
+      - name: "[ON HOST] Deploy Stack"
+        uses: appleboy/ssh-action@v1.2.4
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          key: ${{ secrets.DEPLOY_SSHKEY }}
+          port: ${{ secrets.DEPLOY_PORT }}
+          script: |
+            cd ${{ env.project_folder }}
+            docker compose --env-file .env up --detach
+      
+      - name: "[ON RUNNER] Notify Build End"
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
+        env:
+          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
+          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
+        with:
+          message: "Deployed stack ${{ gitea.repository }}"
+          title: 'Stack Deployment ${{ job.status }}'
+          url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+          url_title: 'View Logs'

.gitea/workflows/docker-compose-remove.yml

@@ -0,0 +1,65 @@
+name: Docker Compose Remove Stack
+
+on:
+  workflow_call:
+    secrets:
+      DEPLOY_HOST:
+        required: true
+        type: string
+      DEPLOY_USERNAME:
+        required: true
+        type: string
+      DEPLOY_SSHKEY:
+        required: true
+        type: string
+      DEPLOY_PORT:
+        required: true
+        type: string
+      PUSHOVER_USER_TOKEN:
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "[ON RUNNER] Notify Build Start"
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
+        env:
+          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
+          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
+        with:
+          message: "Removing stack ${{ gitea.repository }}"
+          title: 'Stack Removal Started'
+          url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+          url_title: 'View Logs'
+
+      - name: "[ON RUNNER] Set project variables"
+        run: |
+          projectname="${{ gitea.event.repository.name }}"
+          echo "project_name=$projectname" >> $GITEA_ENV
+          echo "project_folder=/home/${{ secrets.DEPLOY_USERNAME }}/$projectname" >> $GITEA_ENV
+
+      - name: "[ON HOST] Remove Stack"
+        uses: appleboy/ssh-action@v1.2.4
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          key: ${{ secrets.DEPLOY_SSHKEY }}
+          port: ${{ secrets.DEPLOY_PORT }}
+          script: |
+            cd ${{ env.project_folder }}
+            docker compose --env-file .env down
+            cd ..
+            rm -rf ${{ env.project_folder }}
+      
+      - name: "[ON RUNNER] Notify Build End"
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
+        env:
+          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
+          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
+        with:
+          message: "Removed stack ${{ gitea.repository }}"
+          title: 'Stack Removal ${{ job.status }}'
+          url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+          url_title: 'View Logs'

.gitea/workflows/release-with-tag.yaml

@@ -0,0 +1,71 @@
+name: Release w/ Tag
+on:
+  workflow_call:
+    outputs:
+      tag_name:
+        description: "Tag name"
+        value: ${{ jobs.get_next_release.outputs.release_name }}
+      changelog:
+        description: "Changelog"
+        value: ${{ jobs.get_next_release.outputs.clean_changelog }}
+
+jobs:
+  get_next_release:
+    name: Get Next Release
+    runs-on: ubuntu-latest
+    outputs:
+      release_name: ${{ steps.get_next_version.outputs.tag }}
+    #   changelog: ${{ steps.get_next_version.outputs.changelog }}
+      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v6.0.1
+        with:
+          fetch-depth: 0
+
+      - name: Changes since last tag
+        id: changes
+        run: |
+          rm -f .changes
+          git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes
+          cat .changes
+
+      - name: Check for changes
+        run: |
+          if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then
+            echo "changes=false"
+            echo "changes=false" >> "$GITEA_OUTPUT"
+          else
+            echo "changes=true"
+            echo "changes=true" >> "$GITEA_OUTPUT"
+          fi
+
+      - name: Cancel if no changes
+        if: steps.changes.outputs.changes == 'false'
+        run: exit 1
+
+      - name: Set server URL
+        id: set_srvurl
+        run: |
+          SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/')
+          echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT"
+
+      - name: Get next version
+        uses: TriPSs/conventional-changelog-action@v6
+        id: get_next_version
+        with:
+          git-url: ${{ steps.set_srvurl.outputs.srvurl }}
+          github-token: ${{ gitea.token }}
+          preset: "conventionalcommits"
+          # preset: "angular"  # This is the default
+          skip-commit: true
+          release-count: 1
+          output-file: false
+          create-summary: true
+          skip-on-empty: true
+          skip-version-file: true
+          skip-tag: false
+      
+      - name: Cancel if no changelog
+        if: steps.get_next_version.outputs.skipped == 'true'
+        run: exit 1

.github/workflows/build-push-attest-docker.yml

@@ -24,7 +24,7 @@ jobs:
       success: ${{ steps.set_flag.outputs.success }}
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ inputs.release }}
 
@@ -59,7 +59,7 @@ jobs:
             ghcr.io/${{ github.repository }}:${{ inputs.release }}
 
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ghcr.io/${{ github.repository }}
           subject-digest: ${{ steps.push.outputs.digest }}

.github/workflows/ci-docker.yml

@@ -12,17 +12,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.3.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
           format: sonarqube
           no-fail: true
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -34,7 +34,7 @@ jobs:
         with:
           args: --sarif-file-output=snyk.sarif --all-projects
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: snyk.sarif
 

.github/workflows/ci-python-poetry-with-docker.yml

@@ -22,17 +22,17 @@ jobs:
           PYTHON_VERSION=${{ inputs.python-version }}
           echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.3.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
           format: sonarqube
           no-fail: true
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ steps.python-version.outputs.value }}"
       - name: Setup Poetry
@@ -49,7 +49,7 @@ jobs:
           poetry run coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -61,6 +61,6 @@ jobs:
         with:
           args: --sarif-file-output=snyk.sarif --all-projects
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: snyk.sarif

.github/workflows/ci-python-poetry.yml

@@ -22,11 +22,11 @@ jobs:
           PYTHON_VERSION=${{ inputs.python-version }}
           echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ steps.python-version.outputs.value }}"
       - name: Setup Poetry
@@ -41,7 +41,7 @@ jobs:
           poetry run coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -53,6 +53,6 @@ jobs:
         with:
           args: --sarif-file-output=snyk.sarif --all-projects
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: snyk.sarif

.github/workflows/ci-python-with-docker.yml

@@ -22,17 +22,17 @@ jobs:
           PYTHON_VERSION=${{ inputs.python-version }}
           echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.3.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
           format: sonarqube
           no-fail: true
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ steps.python-version.outputs.value }}"
       - name: Update Pip
@@ -50,7 +50,7 @@ jobs:
           coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -62,6 +62,6 @@ jobs:
         with:
           args: --sarif-file-output=snyk.sarif --all-projects
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: snyk.sarif

.github/workflows/ci-python.yml

@@ -22,11 +22,11 @@ jobs:
           PYTHON_VERSION=${{ inputs.python-version }}
           echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
       - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "${{ steps.python-version.outputs.value }}"
       - name: Update Pip
@@ -44,7 +44,7 @@ jobs:
           coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -56,6 +56,6 @@ jobs:
         with:
           args: --sarif-file-output=snyk.sarif --all-projects
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: snyk.sarif

.github/workflows/create-release.yml

@@ -17,7 +17,7 @@ jobs:
       release_name: ${{ steps.tag_version.outputs.new_tag }}
       success: ${{ steps.set_flag.outputs.success }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

renovate.json

@@ -7,10 +7,13 @@
   ],
   "platformCommit": "enabled",
   "dependencyDashboardAutoclose": true,
-  "assignAutomerge": true,
-  "assigneesFromCodeOwners": true,
+  "assignAutomerge": false,
+  "assigneesFromCodeOwners": false,
   "rebaseWhen": "behind-base-branch",
   "rollbackPrs": true,
+  "semanticCommits": "enabled",
+  "semanticCommitScope": "deps",
+  "semanticCommitType": "feat",
   "labels": [
     "type/dependencies"
   ],