diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5e6c58d51c..2c6deeedf0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,41 +1,42 @@ version: 2 updates: - - package-ecosystem: github-actions - directory: / - schedule: - interval: weekly - time: '06:00' - timezone: Canada/Pacific - reviewers: - - cloudshiftchris + - package-ecosystem: "github-actions" + directory: "/" commit-message: - prefix: chore + prefix: "chore" groups: workflow-actions: patterns: - - '*' - - package-ecosystem: gradle - directory: / + - "*" schedule: - interval: weekly - time: '06:00' - timezone: Canada/Pacific + interval: "weekly" + time: "06:00" + timezone: "Canada/Pacific" reviewers: - - cloudshiftchris + - "cloudshiftchris" + + - package-ecosystem: "gradle" + directory: "/" commit-message: - prefix: chore + prefix: "chore" ignore: - - dependency-name: '*' + - dependency-name: "*" update-types: - - version-update:semver-major - groups: - gradle-patch-updates: + - "version-update:semver-major" + - dependency-name: "org.springframework*" update-types: - - patch - gradle-minor-updates: - exclude-patterns: - - org.jetbrains.kotlin* + - "version-update:semver-minor" + - dependency-name: "org.jetbrains.kotlin*" update-types: - - minor - - + - "version-update:semver-minor" + groups: + gradle-updates: + update-types: + - "patch" + - "minor" + schedule: + interval: "weekly" + time: "06:00" + timezone: "Canada/Pacific" + reviewers: + - "cloudshiftchris" diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 60b6b128b9..5b85c65992 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -38,10 +38,6 @@ jobs: distribution: 'temurin' check-latest: 'true' - # https://github.com/gradle/wrapper-validation-action - - name: 'Validate Gradle Wrapper' - uses: 'gradle/wrapper-validation-action@9ba54b687bf0f59b62abbf91e0d60de082e8ebc4' # v3.4.1 - # https://github.com/gradle/actions/tree/main/setup-gradle - name: 'Set up Gradle' uses: 'gradle/actions/setup-gradle@31ae3562f68c96d481c31bc1a8a55cc1be162f83' # v3.4.1 @@ -52,8 +48,16 @@ jobs: caches notifications gradle-home-cache-cleanup: 'true' + validate-wrappers: true dependency-graph: 'generate-and-submit' + # https://github.com/gradle/actions/tree/main/dependency-submission + - name: "Generate and submit dependency graph" + uses: "gradle/actions/dependency-submission@31ae3562f68c96d481c31bc1a8a55cc1be162f83" # v3.4.1 + env: + DEPENDENCY_GRAPH_EXCLUDE_PROJECTS: "^:(build-logic|buildSrc|.*[Tt]test.*)" + DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS: ".*[Tt]est.*Classpath" + - name: 'build' run: './gradlew build --info --scan --stacktrace' diff --git a/.github/workflows/dependabot-auto-approve-pr.yml b/.github/workflows/dependabot-auto-approve-pr.yml new file mode 100644 index 0000000000..d60312ca8d --- /dev/null +++ b/.github/workflows/dependabot-auto-approve-pr.yml @@ -0,0 +1,26 @@ +name: Dependabot auto-approve +on: pull_request + +permissions: + pull-requests: write + contents: write + +# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions +jobs: + dependabot: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + # https://github.com/dependabot/fetch-metadata + - name: Dependabot metadata + id: dependabot-metadata + uses: "dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38" # v2.1.0 + + - name: Automatically approve & merge Dependabot patch PRs + if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}} + run: | + gh pr review --approve "$PR_URL" + gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{ github.token }}