From 755f2e74d1e84a0ced59baca41d43889c6f4783b Mon Sep 17 00:00:00 2001
From: jmeridth
Date: Wed, 5 Jun 2024 17:09:41 -0500
Subject: [PATCH] chore: group dependabot updates when minor/patch

- [x] change dependabot config to group dependencies
- leave major dependency updates to their own PR so they stand out and are tested correctly
- prefix the PRs with `chore(deps)` to adhere to conventional commits
- [x] ensure GitHub Actions permissions are explicit and default to read contents
Signed-off-by: jmeridth
---
 .github/dependabot.yaml | 8 ++++++++
 .github/workflows/auto-assign-author.yaml | 5 ++++-
 .github/workflows/stale.yaml | 8 ++++----
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 641f03d..dec076e 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -8,3 +8,11 @@ updates:
 labels:
 - "dependabot"
 - "dependencies"
+ commit-message:
+ prefix: "chore(deps)"
+ groups:
+ dependencies:
+ applies-to: version-updates
+ update-types:
+ - "minor"
+ - "patch"
diff --git a/.github/workflows/auto-assign-author.yaml b/.github/workflows/auto-assign-author.yaml
index 4b69d97..331ae4f 100644
--- a/.github/workflows/auto-assign-author.yaml
+++ b/.github/workflows/auto-assign-author.yaml
@@ -3,9 +3,12 @@ name: 'Auto Author Assign'
 on:
 pull_request_target:
 types: [opened, reopened]
-
+permissions:
+ contents: read
 jobs:
 assign-author:
+ permissions:
+ pull-requests: write
 runs-on: ubuntu-latest
 steps:
 - uses: toshimaru/auto-author-assign@ebd30f10fb56e46eb0759a14951f36991426fed0 # (latest, untagged)
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index 9bbe01f..1215462 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
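Review bot: The new `groups.dependencies` block in .github/dependabot.yaml carries no comment explaining why it is limited to `applies-to: version-updates`, so a later edit could widen it to security updates without anyone noticing the change in review granularity. I would add above `groups:` a comment such as `# version updates only; security updates are not covered by this group`. A grouped minor/patch PR also bundles several upstream releases into one review, so whoever merges it still needs to look at each bumped package's changelog. The `updates:` entry this hunk extends begins outside the hunk, so I cannot tell whether other ecosystem entries exist that lack the same settings.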
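Review bot: The job-level `permissions` block added under `assign-author` in auto-assign-author.yaml gives a `pull-requests: write` token to a workflow triggered by `pull_request_target`, which runs in the base repository's context even for pull requests opened from forks, and nothing in the hunk records why that is acceptable. It is acceptable only because the visible step never checks out or runs the pull request's code and the action is pinned to a full commit SHA. I would add above the job `# pull_request_target + write token: never check out or run PR head code in this workflow`. A job-level block also replaces the workflow-level one for that job rather than adding to it, so `contents` is `none` here, not `read`; the same holds for the `stale` job in stale.yaml. The steps list may continue past the end of the hunk.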
@@ -3,13 +3,13 @@ on:
 workflow_dispatch:
 schedule:
 - cron: '30 1 * * *' # https://crontab.guru/#30_1_*_*_* (everyday at 0130)
-
 permissions:
- issues: write
- pull-requests: write
-
+ contents: read
 jobs:
 stale:
+ permissions:
+ issues: write
+ pull-requests: write
 runs-on: ubuntu-latest
 steps:
 - uses: actions/stale@3f3b0175e8c66fb49b9a6d5a0cd1f8436d4c3ab6 # (latest, untagged)
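Review bot: The `permissions` block added under `stale` grants exactly `issues: write` and `pull-requests: write`, and that set should be checked against what the pinned actions/stale commit actually needs before it is treated as final. As far as I recall, releases of that action that persist run state in the Actions cache are documented as wanting `actions: write`, and the `delete-branch` option wants `contents: write`. The `# (latest, untagged)` comment does not say which release the SHA corresponds to, and any `with:` options lie outside the hunk, so I cannot confirm either from here; a recent run log would show permission warnings if a scope is missing. If nothing more is needed, a comment such as `# stale only labels, comments on and closes issues/PRs; no other scopes required` would record that, and the pin comment would be more useful if it named the release.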