diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..bbd62ca
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "04:00"
+ timezone: "Europe/Lisbon"
+ open-pull-requests-limit: 10
+ labels: ["deps","ci"]
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "04:15"
+ timezone: "Europe/Lisbon"
+ open-pull-requests-limit: 10
+ labels: ["deps","python"]
+ versioning-strategy: increase-if-necessary
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..94e84c3
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,25 @@
+name-template: 'v$NEXT_PATCH_VERSION'
+tag-template: 'v$NEXT_PATCH_VERSION'
+change-template: '- $TITLE (#$NUMBER)'
+no-changes-template: 'No user-facing changes.'
+
+categories:
+ - title: '๐Ÿš€ Features'
+ labels: ['feat','feature','enhancement']
+ - title: '๐Ÿ› Fixes'
+ labels: ['fix','bug','bugfix']
+ - title: '๐Ÿงฐ Chores'
+ labels: ['chore','build','deps']
+ - title: '๐Ÿ“š Docs'
+ labels: ['docs']
+ - title: '๐Ÿงช CI'
+ labels: ['ci']
+
+version-resolver:
+ major:
+ labels: ['major']
+ minor:
+ labels: ['minor','feat']
+ patch:
+ labels: ['patch','fix','chore','docs','ci','build','deps']
+ default: patch
diff --git a/.github/workflows/dependabot-label.yml b/.github/workflows/dependabot-label.yml
new file mode 100644
index 0000000..0f8f142
--- /dev/null
+++ b/.github/workflows/dependabot-label.yml
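Review bot: In .github/release-drafter.yml the `version-resolver` block has no effect, because `name-template` and `tag-template` both use `$NEXT_PATCH_VERSION`, which always bumps the patch number whatever labels the merged pull requests carry. If the `major`/`minor` labels are meant to drive the version, the templates should read `name-template: 'v$RESOLVED_VERSION'` and `tag-template: 'v$RESOLVED_VERSION'`. If patch-only releases are intended, the `version-resolver` section can be removed so the config does not suggest otherwise.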
@@ -0,0 +1,37 @@
+name: dependabot metadata and labels
+on:
+ pull_request_target:
+ types: [opened, edited, synchronize, reopened]
+
+permissions:
+ pull-requests: write
+ contents: read
+
+jobs:
+ label:
+ if: github.actor == 'dependabot[bot]'
+ runs-on: ubuntu-latest
+ steps:
+ - id: meta
+ uses: dependabot/fetch-metadata@v2
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Apply labels
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const core = require('@actions/core');
+ const sev = core.getInput('severity');
+ const ecosys = core.getInput('package-ecosystem');
+ const labels = new Set(['deps']);
+ if (ecosys) labels.add(`deps:${ecosys}`);
+ if (sev) labels.add(`security:${sev.toLowerCase()}`);
+ await github.rest.issues.addLabels({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.payload.pull_request.number,
+ labels: Array.from(labels)
+ });
+ env:
+ severity: ${{ steps.meta.outputs.security-advisory-severity }}
+ package-ecosystem: ${{ steps.meta.outputs.package-ecosystem }}
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
new file mode 100644
index 0000000..6493219
--- /dev/null
+++ b/.github/workflows/release-drafter.yml
@@ -0,0 +1,21 @@
+name: Release Drafter
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ types: [opened, edited, reopened, synchronize, ready_for_review, labeled, unlabeled, closed]
+ workflow_dispatch:
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v6
+ with:
+ config-name: release-drafter.yml
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/semantic-pr.yml b/.github/workflows/semantic-pr.yml
new file mode 100644
index 0000000..d6e1199
--- /dev/null
+++ b/.github/workflows/semantic-pr.yml
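Review bot: The `Apply labels` script in .github/workflows/dependabot-label.yml will likely not work as written: actions/github-script already passes `core` into the script, so `const core = require('@actions/core')` redeclares it, and `core.getInput('severity')` reads `INPUT_SEVERITY`, whereas the step sets plain `env:` variables, so both values come back empty. The job guard `github.actor == 'dependabot[bot]'` tests who triggered the event rather than who authored the pull request; under `pull_request_target` with `pull-requests: write`, comparing `github.event.pull_request.user.login` is the safer check. I could not confirm that dependabot/fetch-metadata exposes an output named `security-advisory-severity`, so that mapping should be checked against the action's documented outputs. The actions used here and in release-drafter.yml and semantic-pr.yml are referenced by mutable major tags; pinning each to a full commit SHA keeps a retagged release from running with these write-scoped tokens.

```yaml
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    # … unchanged: runs-on, fetch-metadata step, "Apply labels" name and uses …
        env:
          SEVERITY: ${{ steps.meta.outputs.security-advisory-severity }}
          PACKAGE_ECOSYSTEM: ${{ steps.meta.outputs.package-ecosystem }}
        with:
          script: |
            const sev = process.env.SEVERITY;
            const ecosys = process.env.PACKAGE_ECOSYSTEM;
            // … unchanged: label set construction and addLabels call …
```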
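Review bot: The `pull_request` trigger in .github/workflows/release-drafter.yml runs the drafter on every listed PR event with workflow-level `contents: write` and `pull-requests: write`, yet the .github/release-drafter.yml added in this commit has no `autolabeler` section, which as far as I know is the only feature that needs PR events. Dropping the `pull_request:` block, or moving `permissions:` down to the job and keeping `contents: write` for the `push` run only, leaves the token at the least privilege the job actually uses. For pull requests from forks the token is read-only in any case, so those runs would be expected to fail rather than do anything useful.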
@@ -0,0 +1,30 @@
+name: semantic PR title
+on:
+ pull_request_target:
+ types: [opened, edited, synchronize, reopened, ready_for_review]
+
+permissions:
+ pull-requests: read
+ statuses: write
+
+jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: amannn/action-semantic-pull-request@v5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ types: |
+ chore
+ ci
+ docs
+ feat
+ fix
+ perf
+ refactor
+ test
+ build
+ requireScope: false
+ subjectPattern: ^.+$
+ wip: true
diff --git a/_ci_logs/black.post.yml.log b/_ci_logs/black.post.yml.log
new file mode 100644
index 0000000..1883f22
--- /dev/null
+++ b/_ci_logs/black.post.yml.log
@@ -0,0 +1,2 @@
+All done! โœจ ๐Ÿฐ โœจ
+9 files would be left unchanged.
diff --git a/_ci_logs/mypy.post.yml.log b/_ci_logs/mypy.post.yml.log
new file mode 100644
index 0000000..f6784b5
--- /dev/null
+++ b/_ci_logs/mypy.post.yml.log
@@ -0,0 +1 @@
+Success: no issues found in 3 source files
diff --git a/_ci_logs/pytest.post.yml.log b/_ci_logs/pytest.post.yml.log
new file mode 100644
index 0000000..d747653
--- /dev/null
+++ b/_ci_logs/pytest.post.yml.log
@@ -0,0 +1,12 @@
+............. [100%]
+
+---------- coverage: platform linux, python 3.12.6-final-0 -----------
+Name Stmts Miss Cover Missing
+--------------------------------------------------------------
+src/osv_vuln_bot/__init__.py 2 0 100%
+src/osv_vuln_bot/cli.py 41 0 100%
+src/osv_vuln_bot/osv_client.py 73 4 95% 53-54, 72-73
+--------------------------------------------------------------
+TOTAL 116 4 97%
+
+Required test coverage of 95% reached. Total coverage: 96.55%
diff --git a/_ci_logs/ruff.post.yml.log b/_ci_logs/ruff.post.yml.log
new file mode 100644
index 0000000..1f5f344
--- /dev/null
+++ b/_ci_logs/ruff.post.yml.log
@@ -0,0 +1 @@
+All checks passed!
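Review bot: In .github/workflows/semantic-pr.yml, `statuses: write` appears to be needed only because `wip: true` is set, and since the workflow runs on `pull_request_target` the token keeps that write scope for pull requests from forks as well. If draft pull requests cover the work-in-progress case, dropping `wip: true` would let the permissions block shrink to `pull-requests: read`. Separately, `subjectPattern: ^.+$` accepts any non-empty subject, so it adds no constraint; either remove it or replace it with the rule the project actually wants to enforce.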