@nateprewitt nateprewitt commented Dec 10, 2025

This PR makes a handful of changes to bring our GHA up to current expectations.

Changes

  • Dependencies are now strictly pinned to a commit hash matching the tag they were previously using. This is considered best practice to avoid supply chain attacks on repositories by remapping an existing tag to a new commit.
  • CI now runs on all of our supported platforms (Linux, macOS, and Windows).
  • Dependabot will now pull in minor+ updates to workflow dependencies to fix any security or notable functionality issues.
  • Added CodeQL to run analysis over the repo and flag any potential concerns.
  • Permissions were added to both existing and new workflows.
  • Rewrote compliance test case harness to run correctly on Windows.
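
The first and fifth bullets above (SHA pinning and explicit workflow permissions) are the two settings a reviewer most often wants to verify mechanically. The following is an added illustration, not code from this PR or from the jmespath project: a small audit script that takes a workflow file, reports every `uses:` reference that is not pinned to a full 40-character commit SHA, and reports whether a top-level `permissions:` block is declared. The two embedded workflow excerpts are constructed, and the SHA values in them are placeholders, not real commits of `actions/checkout` or `actions/setup-python`.

```python
import re

# Constructed sample workflow excerpts (not taken from the jmespath repo).
# A tag such as @v4 is a mutable reference: whoever controls the action's
# repository can move it to a different commit. A full commit SHA cannot be
# remapped, which is why the PR above pins to hashes.
TAG_PINNED = """\
name: ci
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
"""

SHA_PINNED = """\
name: ci
on: [push, pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # The SHAs below are constructed placeholders, not real commits.
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: actions/setup-python@89abcdef0123456789abcdef0123456789abcdef # v5
"""

# Matches "- uses: owner/repo@ref" and captures the reference up to any
# trailing comment (the "# v4" comment is what Dependabot keeps current).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text):
    """Return the `uses:` references that are not pinned to a full commit SHA.

    Local actions (`./path`) and Docker images (`docker://...`) are skipped:
    SHA pinning applies to references into other GitHub repositories.
    """
    findings = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _name, _, version = ref.partition("@")
        if not FULL_SHA_RE.match(version):
            findings.append(ref)
    return findings


def has_top_level_permissions(workflow_text):
    """True if the workflow declares a top-level `permissions:` block.

    Without one, GITHUB_TOKEN receives the repository's default scope,
    which is usually broader than a test or analysis job needs.
    """
    return any(line.startswith("permissions:") for line in workflow_text.splitlines())


def audit(workflow_text):
    """Summarise both checks for one workflow file's contents."""
    return {
        "unpinned": unpinned_actions(workflow_text),
        "has_permissions": has_top_level_permissions(workflow_text),
    }


if __name__ == "__main__":
    for label, text in (("tag-pinned", TAG_PINNED), ("sha-pinned", SHA_PINNED)):
        print(label, audit(text))
```

Run against the tag-pinned excerpt the script lists both actions and reports no permissions block; against the hardened excerpt it lists nothing. The trailing `# v4` comment next to each SHA is deliberate: Dependabot's `github-actions` ecosystem (the third bullet above) updates the SHA and that version comment together, so the pin stays readable without losing immutability.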

@jamesls jamesls left a comment


Thanks! Could you also update the CHANGELOG.rst before merging? It's all done by hand in this repo.

@nateprewitt (Contributor, Author)

Relevant changelog information for the Python support changes is now added in #337. This isn't external-facing, so we'll omit a changelog for the GHA updates.

@nateprewitt nateprewitt merged commit 141734d into jmespath:develop Dec 11, 2025
18 checks passed
@nateprewitt nateprewitt deleted the gha_updates branch December 11, 2025 16:56