5 files changed +154 -0 lines changed
1
+ # To get started with Dependabot version updates, you'll need to specify which
2
+ # package ecosystems to update and where the package manifests are located.
3
+ # Please see the documentation for all configuration options:
4
+ # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
5
+
6
+ version : 2
7
+ updates :
8
+ - package-ecosystem : " pip"
9
+ directory : " /" # pyproject.toml
10
+ schedule :
11
+ interval : " daily"
12
+ commit-message :
13
+ prefix : " chore"
14
+ include : " scope"
15
+ labels :
16
+ - " dependencies"
17
+ - package-ecosystem : " github-actions"
18
+ # Workflow files stored in the
19
+ # default location of `.github/workflows`
20
+ directory : " /"
21
+ schedule :
22
+ interval : " daily"
23
+ commit-message :
24
+ prefix : " chore"
25
+ include : " scope"
26
+ labels :
27
+ - " dependencies"
1
+ # https://codeql.github.com/
2
+ name : CodeQL
3
+
4
+ on :
5
+ push :
6
+ paths :
7
+ - " **.js"
8
+ - " **.py"
9
+ pull_request :
10
+ branches : [main]
11
+ paths :
12
+ - " **.js"
13
+ - " **.py"
14
+ schedule :
15
+ - cron : " 24 9 * * 6"
16
+
17
+ jobs :
18
+ setup :
19
+ name : Set up CodeQL analysis
20
+ runs-on : ubuntu-latest
21
+ # Required permissions
22
+ permissions :
23
+ pull-requests : read
24
+ outputs :
25
+ # changes is a JSON array with names of all filters matching any of the changed files
26
+ languages : ${{ steps.filter.outputs.changes }}
27
+ steps :
28
+ - uses : actions/checkout@v4
29
+ - uses : dorny/paths-filter@v3
30
+ id : filter
31
+ with :
32
+ filters : |
33
+ javascript: "**.js"
34
+ python: "**.py"
35
+
36
+ codeql :
37
+ name : CodeQL Analyze
38
+ runs-on : ubuntu-latest
39
+ needs : setup
40
+ if : ${{ needs.setup.outputs.languages != '[]' }}
41
+ permissions :
42
+ actions : read
43
+ contents : read
44
+ security-events : write
45
+
46
+ strategy :
47
+ fail-fast : false
48
+ matrix :
49
+ # Parse JSON array containing names of all filters matching any of changed files
50
+ # e.g. ['javascript', 'python'] if both file types had changes
51
+ language : ${{ fromJSON(needs.setup.outputs.languages) }}
52
+
53
+ steps :
54
+ - name : Checkout repository
55
+ uses : actions/checkout@v4
56
+
57
+ - name : Initialize CodeQL
58
+ uses : github/codeql-action/init@v3
59
+ with :
60
+ languages : ${{ matrix.language }}
61
+ # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-configuration-details-using-the-config-input
62
+ config : |
63
+ paths-ignore:
64
+ - tests
65
+
66
+ - name : Perform CodeQL Analysis
67
+ uses : github/codeql-action/analyze@v3
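Review bot: The weekly `schedule` trigger probably never reaches the `codeql` job, because that job is gated on `needs.setup.outputs.languages != '[]'` and the filter in `setup` reports only files changed by the triggering event; a cron run has no changed files (how `dorny/paths-filter@v3` behaves on `schedule` should be confirmed). A scheduled scan exists to re-analyse unchanged code against updated queries, so it should bypass the filter: `if: ${{ github.event_name == 'schedule' || needs.setup.outputs.languages != '[]' }}` and `language: ${{ github.event_name == 'schedule' && fromJSON('["javascript","python"]') || fromJSON(needs.setup.outputs.languages) }}`. Separately, `setup` grants only `pull-requests: read`, which sets every other scope to none; adding `contents: read` keeps `actions/checkout@v4` working if the repository is private.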
1
+ name : " Dependency PR triage"
2
+
3
+ on :
4
+ pull_request :
5
+ types : [opened]
6
+
7
+ jobs :
8
+ dependency-triage :
9
+ runs-on : ubuntu-latest
10
+ # see https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#responding-to-events
11
+ if : github.actor == 'dependabot[bot]' || github.actor == 'pre-commit-ci[bot]'
12
+ steps :
13
+ - uses : actions/add-to-project@main
14
+ with :
15
+ project-url : https://github.com/orgs/compiler/projects/${{ vars.GH_PROJECT }}
16
+ github-token : ${{ secrets.GH_PROJECTS_TOKEN }}
17
+
18
+ - uses : EndBug/project-fields@v2
19
+ with :
20
+ operation : set
21
+ fields : Effort,Status
22
+ values : 1,In review
23
+ project_url : https://github.com/orgs/compiler/projects/${{ vars.GH_PROJECT }}
24
+ github_token : ${{ secrets.GH_PROJECTS_TOKEN }}
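Review bot: `actions/add-to-project@main` follows a moving branch while receiving `secrets.GH_PROJECTS_TOKEN`, so whatever lands on that branch runs with the project token; `EndBug/project-fields@v2` gets the same token through a tag that can be re-pointed. Pin both to a full commit SHA with the release in a trailing comment, e.g. `uses: actions/add-to-project@<full-commit-sha>  # <release-tag>`; the `github-actions` Dependabot entry added in this commit can then keep the pins current. The same applies to `andymckay/labeler@master` in the two label workflows that follow. Also worth confirming: runs triggered by Dependabot pull requests read secrets from the Dependabot secret store, so `GH_PROJECTS_TOKEN` has to be defined there too or both steps receive an empty token. Since the job only uses the project token, a job-level `permissions: {}` would drop the default `GITHUB_TOKEN` scopes it does not need.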
1
+ name : Label actions
2
+
3
+ on :
4
+ pull_request :
5
+ types : [opened]
6
+ paths :
7
+ - " .github/dependabot.yml"
8
+ - " .github/workflows/**"
9
+
10
+ jobs :
11
+ label-actions :
12
+ runs-on : ubuntu-latest
13
+ steps :
14
+ - name : add-label
15
+ uses : andymckay/labeler@master
16
+ with :
17
+ add-labels : " actions"
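Review bot: The `label-actions` job sets no `permissions:`, so the labeler step depends on whatever default `GITHUB_TOKEN` scope the repository has; where that default is read-only, and on pull requests from forks or Dependabot, the token cannot add a label and the job will fail. Declare the scope the job needs under `label-actions:`, `permissions:` with `pull-requests: write`, and decide whether fork PRs should be skipped with `if: github.event.pull_request.head.repo.full_name == github.repository`. The `label-docs` workflow in the next file has the same shape. `types: [opened]` also means a PR that only later touches `.github/workflows/**` is never labelled, which matters if the label is used to route workflow changes for review; adding `synchronize` would cover that.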
1
+ name : Label docs
2
+
3
+ on :
4
+ pull_request :
5
+ branches : [main]
6
+ types : [opened]
7
+ paths :
8
+ - " docs/**"
9
+ - " mkdocs.yml"
10
+ - " .github/workflows/mkdocs.yml"
11
+
12
+ jobs :
13
+ label-docs :
14
+ runs-on : ubuntu-latest
15
+ steps :
16
+ - name : add-label
17
+ uses : andymckay/labeler@master
18
+ with :
19
+ add-labels : " documentation"