From 5dfb1d0c3cf14e0f8d73001f962b78d348c6b3f1 Mon Sep 17 00:00:00 2001 From: Yannic Labonte Date: Thu, 21 Mar 2024 20:02:04 +0100 Subject: [PATCH] Testing GitHub's built-in auto-merge feature for dependabot PRs --- .github/workflows/automerge.yml | 11 ++++++----- .github/workflows/ci.yml | 5 +++++ .github/workflows/codeql.yml | 1 - CODE_OF_CONDUCT.md | 6 ------ SECURITY.md | 13 +++++-------- 5 files changed, 16 insertions(+), 20 deletions(-) diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index c0cbb57..acb0715 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -1,10 +1,11 @@ name: "Auto-Merge Dependabot PRs" -on: [ pull_request ] +on: + pull_request: + branches: + - "master" permissions: - actions: read - security-events: write contents: write pull-requests: write @@ -19,8 +20,8 @@ jobs: runs-on: ubuntu-latest if: github.actor == 'dependabot[bot]' steps: - - name: "Auto-merge the PRs" - run: gh pr merge --auto --merge "$PR_URL" + - name: "Approve PR to enable auto-merge" + run: gh pr review --approve "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}} GH_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6d5b83f..ceeb5d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,6 +10,11 @@ on: - "master" - "develop" - "feature/*" + pull_request: + branches: + - "master" + - "develop" + - "feature/*" workflow_call: jobs: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3af51ef..74cc507 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,7 +16,6 @@ on: branches: [ "master" ] schedule: - cron: '43 0 * * 2' - workflow_call: jobs: analyze: diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 82466a3..20e21ee 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,7 +1,6 @@ # Contributor Covenant Code of Conduct ## Our Pledge - In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body @@ -10,7 +9,6 @@ level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation. ## Our Standards - Examples of behavior that contributes to creating a positive environment include: @@ -32,7 +30,6 @@ Examples of unacceptable behavior by participants include: professional setting ## Our Responsibilities - Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. @@ -44,7 +41,6 @@ permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. ## Scope - This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail @@ -53,7 +49,6 @@ representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. ## Enforcement - Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at yannic.labonte@gmail.com. All complaints will be reviewed and investigated and will result in a response that @@ -66,7 +61,6 @@ faith may face temporary or permanent repercussions as determined by other members of the project's leadership. ## Attribution - This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html diff --git a/SECURITY.md b/SECURITY.md index fce934b..4f0b098 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,13 +1,10 @@ # Security Policy ## Supported Versions - -Always use the most recent version. There will be no support for older -versions. +Always use the most recent version available as `stable` or `latest` in ioBroker. +There will be no support for outdated versions. ## Reporting a Vulnerability - -If you identify a vulnerability, please consider that this may affect other -people/projects as well. This in mind please email me (Yannic Labonte -) first, so I can react and maybe fix the issue, -before publishing it to the public (e.g. in a github issue). +If you identify a vulnerability, please consider that this may affect other people/projects as well. This in mind please +email me (Yannic Labonte ) first, so I can react and maybe fix the issue, before it is +published to the public (e.g. in a github issue) and maybe misused by third parties.