diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..c673eaf --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,18 @@ +version: 2 +updates: + - package-ecosystem: "maven" + directory: "/" + schedule: + interval: "weekly" + target-branch: "develop" + open-pull-requests-limit: 5 + groups: + minor-and-patch: + update-types: + - "minor" + - "patch" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + target-branch: "develop" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e9f817d..6614de5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,9 @@ on: jobs: build: uses: fireflyframework/.github/.github/workflows/java-ci.yml@main + permissions: + packages: read + contents: read + actions: write with: java-version: '25' - diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..26085a8 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,32 @@ +name: Dependabot Auto-Merge + +on: pull_request + +permissions: + contents: write + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Fetch Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Approve patch and minor updates + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Auto-merge patch and minor updates + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/dependabot-ci.yml b/.github/workflows/dependabot-ci.yml new file mode 100644 index 0000000..25bfe12 --- /dev/null +++ b/.github/workflows/dependabot-ci.yml @@ -0,0 +1,82 @@ +name: Dependabot CI +on: + pull_request_target: + branches: [develop, main] + +permissions: + contents: read + packages: read + statuses: write + +jobs: + build: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Checkout PR code + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: Set up JDK 25 + uses: actions/setup-java@v4 + with: + java-version: '25' + distribution: temurin + cache: maven + + - name: Configure GitHub Packages + run: | + mkdir -p ~/.m2 + cat > ~/.m2/settings.xml << 'EOF' + + + + github + ${env.GITHUB_ACTOR} + ${env.GITHUB_TOKEN} + + + + + github-packages + + + github + https://maven.pkg.github.com/fireflyframework/fireflyframework-parent + true + true + + + + + + github-packages + + + EOF + + - name: Build with Maven + run: mvn -B verify + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Report build status + if: always() + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + if [ "${{ job.status }}" = "success" ]; then + STATE="success" + DESC="Dependabot build passed" + else + STATE="failure" + DESC="Dependabot build failed" + fi + gh api "repos/${{ github.repository }}/statuses/${{ github.event.pull_request.head.sha }}" \ + -f state="$STATE" \ + -f context="build / build" \ + -f description="$DESC" \ + -f target_url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"