From 64a22e362fc8cb2ea932b96b072d2d5b27137eb6 Mon Sep 17 00:00:00 2001 From: Enderson Maia Date: Wed, 15 Apr 2026 11:16:05 -0300 Subject: [PATCH 1/2] ci: add flag-sensitite workflow --- .github/workflows/flag-sensitive.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/flag-sensitive.yml diff --git a/.github/workflows/flag-sensitive.yml b/.github/workflows/flag-sensitive.yml new file mode 100644 index 0000000..88269f8 --- /dev/null +++ b/.github/workflows/flag-sensitive.yml @@ -0,0 +1,26 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: Flag sensitive changes +on: + pull_request_target: + paths: + - '.github/workflows/**' + +jobs: + warn: + runs-on: ubuntu-latest + steps: + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + with: + script: | + await github.rest.issues.addLabels({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + labels: ['sensitive files'] + }); + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + body: '\u26a0\ufe0f This PR modifies CI workflows. Requires careful review before approval. \u26a0\ufe0f' + }); From 30d02ed11ebbdd9ee819aa8ef6998d159dc58d04 Mon Sep 17 00:00:00 2001 From: Enderson Maia Date: Wed, 15 Apr 2026 11:19:40 -0300 Subject: [PATCH 2/2] ci: add dependabot for github-actions --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..2ed7ce3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "ci(deps)" + pull-request-branch-name: + separator: "/"