diff --git a/.bandit b/.bandit new file mode 100644 index 0000000..7cad8d5 --- /dev/null +++ b/.bandit @@ -0,0 +1,2 @@ +[bandit] +exclude: *venv*,*env*,*scratch* diff --git a/.github/workflows/lint-renovate.yml b/.github/workflows/lint-renovate.yml new file mode 100644 index 0000000..3d35982 --- /dev/null +++ b/.github/workflows/lint-renovate.yml @@ -0,0 +1,19 @@ +name: Lint Renovate Config + +on: + # Trigger the workflow on push or pull request, + # but only for the main branch + pull_request: {} + push: + branches: ["main"] + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v3 + - name: 🧼 Lint # Validates changes to renovate.json config file + uses: suzuki-shunsuke/github-action-renovate-config-validator@v0.1.2 + with: + config_file_path: 'renovate.json' diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..e9520fa --- /dev/null +++ b/renovate.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "labels": [ + "renovate/{{depName}}" + ], + "extends": [ + "config:base", + "schedule:earlyMondays", + ":dependencyDashboard", + ":rebaseStalePrs" + ], + "enabledManagers": [ + "docker-compose", + "github-actions", + "pip_requirements" + ] +}