From 3f32eedfe4bee4f0f4a63ecb1b2a63808c08cfb7 Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Thu, 20 Jun 2024 16:56:26 -0700
Subject: [PATCH 1/2] Bump Github action versions and give check write access
 in test job

A recent run indicated a bunch of warnings that this should take care of:

https://github.com/zeek/package-template/actions/runs/9569151210
---
 .github/workflows/check.yml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index c069687..32c35f0 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -13,13 +13,18 @@ jobs:
     if: github.event_name != 'schedule'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - uses: actions/setup-python@v4
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
       with:
         python-version: 3.x
-    - uses: pre-commit/action@v3.0.0
+    - uses: pre-commit/action@v3.0.1
 
   btest-linux:
+    permissions:
+      # This is for action-junit-report, see
+      # https://github.com/mikepenz/action-junit-report?tab=readme-ov-file#pr-run-permissions
+      # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+      checks: write
     strategy:
       matrix:
         name:
@@ -43,7 +48,7 @@ jobs:
     container: ${{ matrix.container }}
     continue-on-error: ${{ matrix.allow_failure }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         # The output of some commands of `zkg` on the template depends on the
         # known tags. Fetch them all.
@@ -66,7 +71,7 @@ jobs:
     - name: Run BTest suite
       run: |
         btest -djc tests/btest.cfg --xml=btest-results.xml
-    - uses: mikepenz/action-junit-report@v3
+    - uses: mikepenz/action-junit-report@v4
       if: always() # Always run even if any previous step fails.
       with:
         report_paths: '**/btest-results.xml'

From 5dd528428d0aa641abe0421673e7026826adc609 Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Fri, 21 Jun 2024 16:37:21 -0700
Subject: [PATCH 2/2] Add a dependabot.yml for Github actions

---
 .github/dependabot.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..1e07996
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+
+version: 2
+updates:
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly