From 76320a255cffd772354564c6eacf911bb5c9e02b Mon Sep 17 00:00:00 2001
From: Leon Luttenberger
Date: Tue, 28 May 2024 09:27:49 -0500
Subject: [PATCH] chore: Configure dependabot

---
 .github/dependabot.yaml              | 20 ++++++++++++++++++++
 .github/workflows/dependabot-prs.yml | 26 ++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 .github/dependabot.yaml
 create mode 100644 .github/workflows/dependabot-prs.yml

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 00000000..03155a52
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/dependabot-prs.yml b/.github/workflows/dependabot-prs.yml
new file mode 100644
index 00000000..8c7745ee
--- /dev/null
+++ b/.github/workflows/dependabot-prs.yml
@@ -0,0 +1,26 @@
+name: Dependabot Pull Request Metadata
+on: pull_request_target
+
+jobs:
+  build:
+    permissions:
+      pull-requests: read
+
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          compat-lookup: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Add a label for all PRs with an alert state
+        if: ${{ steps.dependabot-metadata.outputs.alert-state != '' }}
+        run: gh pr edit "$PR_URL" --add-label "vulnerability"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
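Review bot: The labeling step at the end of the dependabot-prs.yml hunk (`gh pr edit "$PR_URL" --add-label "vulnerability"`) modifies the pull request with `GITHUB_TOKEN`, but the job grants only `pull-requests: read`, so that step should be rejected by the API with a permissions error on exactly the PRs it is meant to flag; the job block needs `pull-requests: write` (the minimum that covers both the metadata lookup and the label edit), and the `vulnerability` label must already exist in the repository or `gh pr edit` will fail as well. The `pull_request_target` trigger is acceptable here only because the workflow never checks out or executes PR-controlled code, and passing `html_url` through `env` rather than interpolating it into `run` is the right pattern; keep both properties if steps are added later. As a style point, the two `env` values use `${{github...}}` without the inner spaces that every other expression in the file has; `PR_URL: ${{ github.event.pull_request.html_url }}` keeps it consistent.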