## Summary
The intent here is that all actions should be pinned to an immutable SHA
(but that Renovate should annotate each SHA with the corresponding
SemVer version).
<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:
- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->
## Summary
I started learning `uv` by inspecting the source code.
I've noticed that your shell scripts are very good! Which is rare!
## Test Plan
I propose to add `shellcheck` to the CI.
It is a great tool to help finding bugs and style issues in shell code.
Techincal details:
- This CI job will only run when any `.sh` files are changed (or the job
definition file)
- It takes just several seconds even on local machine:
```
» time shellcheck -S style **/*.sh
shellcheck -S style **/*.sh 0.02s user 0.05s system 61% cpu 0.123 total
```
- It is easy to use, for example: I just fixed the single problem you
had in your code with `# shellcheck disable=SC1091`
- I am using this tool for around 8 years now and didn't have any
issues. Examples:
ca899f3b69/.github/workflows/test.yml (L22-L27)
and
https://github.com/wemake-services/wemake-django-template/blob/master/.github/workflows/shellcheck.yml
But, I understand that build / lint tools are very subjective. So, feel
free to close :)
## Summary
Originally wanted to update the reference to `astral-sh/setup-uv` in
https://docs.astral.sh/uv/guides/integration/github/, but thought it
could be nice to automate those updates through Renovate. The custom
manager will look for any major version GitHub Action reference in any
Markdown file in `docs` directory, and raise a PR to update it.
Possible improvements:
- We could separate those updates from updating the actions updates for
uv's own GitHub Actions workflow, which would end up raising 2 different
PRs instead of grouping them (example of the current behaviour without
this improvement in
https://github.com/mkniewallner/mkv-playground/pull/4 where we update
the doc reference at the same time as a real dependency usage in a
workflow).
- ~Should the PRs be raised immediately, to handle the update as soon as
possible, instead of waiting for the regular weekly Monday schedule?
This would ensure that `astral-sh/setup-uv` references are handled as
early as possible.~ done in
6af7f45750
## Test Plan
I've tested that with
00ddfb6900/renovate.json5
and
00ddfb6900/docs/integeration/foo.md,
where Renovate raised 2 PRs:
- https://github.com/mkniewallner/mkv-playground/pull/13
- https://github.com/mkniewallner/mkv-playground/pull/4
---------
Co-authored-by: Zanie Blue <contact@zanie.dev>
## Summary
Restore API-compatibility with pre-1.1.0 versions of the `zip` crate,
and pin the dependency to the 0.6 series, due to concerns discussed in
https://github.com/astral-sh/uv/issues/3642.
## Test Plan
```
cargo run -p uv-dev -- fetch-python
cargo test
```
