Skip to content
This repository was archived by the owner on Apr 14, 2026. It is now read-only.

Improve GH Actions and Dependabot #27

Merged
eloi010 merged 5 commits into from
Feb 13, 2026
Merged

Improve GH Actions and Dependabot #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
2197a4e
chore: add dependabot configuration for GitHub Actions
eloi010 Feb 13, 2026
792bfd8
chore: add permissions configuration for workflows
eloi010 Feb 13, 2026
3047187
chore: update job name for build-lint workflow
eloi010 Feb 13, 2026
7afeea7
chore: update checkout step to include persist-credentials configuration
eloi010 Feb 13, 2026
afabc2f
chore: add npm dependencies configuration to dependabot
eloi010 Feb 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 50 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
version: 2

updates:
# 1) GitHub Actions
- package-ecosystem: github-actions
directory: / # GitHub scans .github/workflows from here
schedule:
interval: weekly
day: monday
time: "03:00"
open-pull-requests-limit: 5
assignees: ["alainncls"]
labels: ["dependencies", "github-actions"]
commit-message:
prefix: "deps(actions)"
include: "scope"
groups:
core-actions-minor-patch:
update-types: ["minor", "patch"]
patterns:
- "actions/*"
- "github/*"
third-party-actions-minor-patch:
update-types: ["minor", "patch"]
patterns:
- "*"
exclude-patterns:
- "actions/*"
- "github/*"
Comment thread
eloi010 marked this conversation as resolved.
cooldown:
default-days: 7
Comment thread
eloi010 marked this conversation as resolved.
Comment thread
eloi010 marked this conversation as resolved.

# 2) npm dependencies (package.json)
- package-ecosystem: npm
directory: /
schedule:
interval: weekly
day: monday
time: "04:00"
open-pull-requests-limit: 5
assignees: ["alainncls"]
labels: ["dependencies", "npm"]
commit-message:
prefix: "deps(npm)"
include: "scope"
groups:
npm-minor-patch:
update-types: ["minor", "patch"]
Copy link
Copy Markdown

@cursor cursor bot Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot npm group missing match criteria

Medium Severity

The npm-minor-patch group in .github/dependabot.yml defines only update-types and no dependency selector like patterns or dependency-type. Dependabot group rules require match criteria, so this block can fail validation and prevent expected npm grouping behavior, reducing or blocking automated dependency update flow.

Fix in Cursor Fix in Web

cooldown:
default-days: 7
Comment thread
eloi010 marked this conversation as resolved.
7 changes: 7 additions & 0 deletions .github/workflows/build-lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,20 @@ on:
branches:
- main

permissions: {} # lock everything by default (least-privilege)

jobs:
build-lint:
name: Build & Lint
runs-on: ubuntu-latest
permissions:
contents: read

steps:
- name: Check out the repo
uses: actions/checkout@v6
with:
persist-credentials: false

- name: Install Node.js
uses: actions/setup-node@v6
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/security-code-scanner.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ on:
required: false
workflow_dispatch:

permissions: {} # lock everything by default (least-privilege)

jobs:
security-scan:
uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2
Expand Down