diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f2dcefa --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,43 @@ +version: 2 +updates: + - package-ecosystem: npm + directory: / + schedule: + interval: weekly + day: monday + time: "06:30" + timezone: UTC + open-pull-requests-limit: 5 + allow: + - dependency-type: direct + groups: + app-dependencies: + patterns: + - "*" + update-types: + - patch + - minor + labels: + - dependencies + - automated + commit-message: + prefix: deps + + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + day: monday + time: "06:45" + timezone: UTC + open-pull-requests-limit: 2 + groups: + github-actions: + patterns: + - "*" + labels: + - dependencies + - ci + - automated + commit-message: + prefix: ci diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..8e36526 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,35 @@ +name: codeql + +on: + pull_request: + branches: + - main + schedule: + - cron: "17 6 * * 1" + workflow_dispatch: + +permissions: + actions: read + contents: read + security-events: write + +concurrency: + group: codeql-${{ github.ref }} + cancel-in-progress: true + +jobs: + analyze: + name: Analyze (JavaScript/TypeScript) + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: javascript-typescript + queries: security-extended + + - name: Analyze + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/org-required-checks.yml b/.github/workflows/org-required-checks.yml index dbbb012..593b728 100644 --- a/.github/workflows/org-required-checks.yml +++ b/.github/workflows/org-required-checks.yml @@ -12,7 +12,7 @@ on: jobs: verify: - name: verify + name: Check if: | github.event_name == 'pull_request' || (github.event_name == 'deployment_status' && github.event.deployment_status.state == 'success')