Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Add renovate.json5, pin actions to SHAs, update AGENTS.md
Agent-Logs-Url: https://github.com/nitrocode/nitrocode/sessions/21969f05-3def-4efb-8700-57c6c6af7739

Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>
  • Loading branch information
Copilot and nitrocode authored May 3, 2026
commit 00cff4065a1a62d84005e9edf1a384b248b25333
4 changes: 2 additions & 2 deletions .github/workflows/link-check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

- name: Check links and images
uses: lycheeverse/lychee-action@v2
uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0
with:
args: >
--verbose
Expand Down
15 changes: 14 additions & 1 deletion AGENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ If adding a new link or image, make sure it resolves to a stable URL. Avoid shor
README.md — public GitHub profile page
AGENTS.md — this file; AI agent context and conventions
CLAUDE.md -> AGENTS.md (symlink)
renovate.json5 — Renovate config; inherits best-practices, pins actions to SHAs
LICENSE
.github/
workflows/
Expand All @@ -85,7 +86,19 @@ LICENSE

---

## What Agents Should Not Do
## Dependency Management

GitHub Actions are pinned to full commit SHAs (`uses: owner/action@<sha> # vX.Y.Z`). Renovate manages these via `renovate.json5`, which inherits `config:best-practices` and sets `pinDigests: true`.

When adding a new workflow step, pin the action to its SHA and add a version comment. Find the SHA with:

```sh
gh api repos/<owner>/<repo>/git/ref/tags/<tag> --jq '.object.sha'
```

---



- Do not rewrite large portions of `README.md` speculatively — make targeted, minimal changes
- Do not add sections, stats widgets, or third-party integrations without being asked
Expand Down
9 changes: 9 additions & 0 deletions renovate.json5
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
extends: [
"config:best-practices",
],
// Pin GitHub Actions to full commit SHAs for supply-chain security.
// Renovate will keep the pinned SHAs and version comments up to date.
pinDigests: true,
}
Loading