From abe830ffe749ef0d75e6139ac5e434dbf847b81d Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 29 Apr 2021 18:14:11 -0400 Subject: build: upgrade to GitHub-native Dependabot (#2665) * Upgrade to GitHub-native Dependabot * ci: add dependabot-auto-merge action * ci: update job name Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Matan Kushner --- .github/dependabot.yml | 23 +++++++++++++++++++++++ .github/workflows/auto-merge.yml | 14 ++++++++++++++ .github/workflows/security-audit.yml | 20 ++++++++++++++++++++ .github/workflows/security_audit.yml | 21 --------------------- .github/workflows/workflow.yml | 1 - 5 files changed, 57 insertions(+), 22 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/auto-merge.yml create mode 100644 .github/workflows/security-audit.yml delete mode 100644 .github/workflows/security_audit.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..c0d36a0b0 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,23 @@ +version: 2 +updates: +- package-ecosystem: cargo + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + labels: + - "\U0001F4E6 dependencies" +- package-ecosystem: npm + directory: "/docs" + schedule: + interval: weekly + open-pull-requests-limit: 10 + labels: + - "\U0001F4E6 dependencies" +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + labels: + - "\U0001F4E6 dependencies" diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml new file mode 100644 index 000000000..515de1670 --- /dev/null +++ b/.github/workflows/auto-merge.yml @@ -0,0 +1,14 @@ +name: Dependabot + +on: [pull_request] + +jobs: + auto_merge: + name: Auto-merge Dependabot PRs + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: ahmadnassri/action-dependabot-auto-merge@v2 + with: + target: minor + github-token: ${{ secrets.DEPENDABOT_GITHUB_API_TOKEN }} diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml new file mode 100644 index 000000000..9a813022c --- /dev/null +++ b/.github/workflows/security-audit.yml @@ -0,0 +1,20 @@ +name: Security audit +on: + pull_request: + paths: + - '**/Cargo.toml' + - '**/Cargo.lock' + push: + paths: + - '**/Cargo.toml' + - '**/Cargo.lock' + schedule: + - cron: '0 0 * * *' +jobs: + security_audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions-rs/audit-check@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/security_audit.yml b/.github/workflows/security_audit.yml deleted file mode 100644 index 9ab06e92a..000000000 --- a/.github/workflows/security_audit.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -name: Security audit -on: - pull_request: - paths: - - '**/Cargo.toml' - - '**/Cargo.lock' - push: - paths: - - '**/Cargo.toml' - - '**/Cargo.lock' - schedule: - - cron: '0 0 * * *' -jobs: - security_audit: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - uses: actions-rs/audit-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 945ea1764..114d3569d 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -1,4 +1,3 @@ ---- name: Main workflow on: push: -- cgit v1.2.3