Skip to content
This repository was archived by the owner on Apr 14, 2026. It is now read-only.

Commit fe67ba0

Browse files
eloi010eloi010
authored
Improve GH Actions and Dependabot (#27)
1 parent c059192 commit fe67ba0

3 files changed

Lines changed: 59 additions & 0 deletions

File tree

.github/dependabot.yml

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
version: 2
2+
3+
updates:
4+
# 1) GitHub Actions
5+
- package-ecosystem: github-actions
6+
directory: / # GitHub scans .github/workflows from here
7+
schedule:
8+
interval: weekly
9+
day: monday
10+
time: "03:00"
11+
open-pull-requests-limit: 5
12+
assignees: ["alainncls"]
13+
labels: ["dependencies", "github-actions"]
14+
commit-message:
15+
prefix: "deps(actions)"
16+
include: "scope"
17+
groups:
18+
core-actions-minor-patch:
19+
update-types: ["minor", "patch"]
20+
patterns:
21+
- "actions/*"
22+
- "github/*"
23+
third-party-actions-minor-patch:
24+
update-types: ["minor", "patch"]
25+
patterns:
26+
- "*"
27+
exclude-patterns:
28+
- "actions/*"
29+
- "github/*"
30+
cooldown:
31+
default-days: 7
32+
33+
# 2) npm dependencies (package.json)
34+
- package-ecosystem: npm
35+
directory: /
36+
schedule:
37+
interval: weekly
38+
day: monday
39+
time: "04:00"
40+
open-pull-requests-limit: 5
41+
assignees: ["alainncls"]
42+
labels: ["dependencies", "npm"]
43+
commit-message:
44+
prefix: "deps(npm)"
45+
include: "scope"
46+
groups:
47+
npm-minor-patch:
48+
update-types: ["minor", "patch"]
49+
cooldown:
50+
default-days: 7

.github/workflows/build-lint.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,13 +8,20 @@ on:
88
branches:
99
- main
1010

11+
permissions: {} # lock everything by default (least-privilege)
12+
1113
jobs:
1214
build-lint:
15+
name: Build & Lint
1316
runs-on: ubuntu-latest
17+
permissions:
18+
contents: read
1419

1520
steps:
1621
- name: Check out the repo
1722
uses: actions/checkout@v6
23+
with:
24+
persist-credentials: false
1825

1926
- name: Install Node.js
2027
uses: actions/setup-node@v6

.github/workflows/security-code-scanner.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ on:
1515
required: false
1616
workflow_dispatch:
1717

18+
permissions: {} # lock everything by default (least-privilege)
19+
1820
jobs:
1921
security-scan:
2022
uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2

0 commit comments

Comments
 (0)