Skip to content

ci: add Dependabot, security audit, release-please, and CI optimization#64

Merged
jackwener merged 7 commits intojackwener:mainfrom
ByteYue:npm_audit
Mar 18, 2026
Merged

ci: add Dependabot, security audit, release-please, and CI optimization#64
jackwener merged 7 commits intojackwener:mainfrom
ByteYue:npm_audit

Conversation

@ByteYue
Copy link
Contributor

@ByteYue ByteYue commented Mar 18, 2026

Description

Add CI/CD automation and hardening for the opencli project (Roadmap Phase 7.5, 7.6, 7.8, 7.9).

Changes

Dependabot

  • Weekly auto-update PRs for npm dependencies and GitHub Actions versions
  • Conventional commit prefixes (chore(deps), chore(ci))

Security Audit

  • New security.yml workflow: runs npm audit + audit-ci on push/PR and weekly
  • Fails CI on high-severity vulnerabilities (production deps only)

Changelog Automation

  • New release-please.ymlworkflow: auto-generates CHANGELOG.md and version bump PRs from Conventional Commits
  • Works alongside existing release.yml for npm publish on tag

CI Optimization

  • Add concurrency groups to ci.yml, e2e-headed.yml, security.yml— cancels duplicate runs on the same branch
  • Node.js version matrix (18 / 20 / 22) for unit tests with fail-fast: false

Checklist

  • No code changes — CI/config files only
  • All YAML files are valid
  • Existing workflows unchanged in behavior (additive only)

ByteYue and others added 7 commits March 18, 2026 23:07
@ByteYue
chore(ci): add Dependabot for npm and GitHub Actions updates
cd6095d 
- Weekly npm dependency updates with PR limit of 10
- Weekly GitHub Actions version updates with PR limit of 5
- Conventional commit prefixes (chore(deps), chore(ci))
@ByteYue
ci: add security audit workflow
4b031a7 
- Run npm audit on push/PR and weekly schedule
- Fail on high-severity vulnerabilities using audit-ci
- Only audit production dependencies
@ByteYue
ci: add release-please for automated changelog and versioning
b5052d8 
- Auto-generate CHANGELOG.md from Conventional Commits
- Create version bump PRs on push to main
- Works alongside existing release.yml for npm publish
@ByteYue
ci: add concurrency controls and Node.js version matrix
4d63674 
- Add concurrency groups to ci, e2e-headed, security workflows
  to cancel duplicate runs on the same branch
- Test unit tests across Node 18/20/22 with fail-fast: false
- Update test step name to show Node version
@ByteYue
chore: bump minimum Node.js version from 18 to 20
d7ece58 
- Update engines.node in package.json to >=20.0.0
- Update prerequisites in README.md and README.zh-CN.md
- Remove Node 18 from CI test matrix
@jackwener
review: fix release token and prod-only audit scope
6eb868c
@jackwener
docs: align Node 20 troubleshooting guidance
5c93aca
@jackwener jackwener merged commit 515ce75 into jackwener:main Mar 18, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ByteYue @jackwener