From 5f31c6a93966d9e4ea559131395db39491e2e791 Mon Sep 17 00:00:00 2001
From: Marcus Hert Da Coregio
Date: Fri, 26 Jan 2024 09:57:41 -0300
Subject: [PATCH] Add Update dependabot.yml Workflow Closes gh-14486
---
.github/dependabot.template.yml | 39 +++++++++++++++++++++++++
.github/workflows/update-dependabot.yml | 37 +++++++++++++++++++++++
2 files changed, 76 insertions(+)
create mode 100644 .github/dependabot.template.yml
create mode 100644 .github/workflows/update-dependabot.yml
diff --git a/.github/dependabot.template.yml b/.github/dependabot.template.yml
new file mode 100644
index 0000000000..564fecff69
--- /dev/null
+++ b/.github/dependabot.template.yml
@@ -0,0 +1,39 @@
+version: 2
+
+registries:
+ spring-milestones:
+ type: maven-repository
+ url: https://repo.spring.io/milestone
+
+updates:
+
+ - package-ecosystem: "gradle"
+ target-branch: "main"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ time: "03:00"
+ timezone: "Etc/UTC"
+ labels: [ "type: dependency-upgrade" ]
+ registries:
+ - "spring-milestones"
+ ignore:
+ - dependency-name: "com.nimbusds:nimbus-jose-jwt" # nimbus-jose-jwt gets updated when oauth2-oidc-sdk is updated to ensure consistency
+ - dependency-name: "org.python:jython" # jython updates break integration tests
+ - dependency-name: "org.apache.directory.server:*" # ApacheDS version > 1.5.5 contains break changes
+ - dependency-name: "org.junit:junit-bom"
+ update-types: [ "version-update:semver-major" ]
+ - dependency-name: "org.mockito:mockito-bom"
+ update-types: [ "version-update:semver-major" ]
+ - dependency-name: "*"
+ update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
+
+ # GitHub Actions
+
+ - package-ecosystem: github-actions
+ target-branch: "main"
+ directory: "/"
+ schedule:
+ interval: weekly
+ ignore:
+ - dependency-name: "sjohnr/*"
diff --git a/.github/workflows/update-dependabot.yml b/.github/workflows/update-dependabot.yml
new file mode 100644
index 0000000000..d78f70acfd
--- /dev/null
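Review bot: The three name-only `ignore` entries in the gradle block of `.github/dependabot.template.yml` (`com.nimbusds:nimbus-jose-jwt`, `org.python:jython`, `org.apache.directory.server:*`) suppress every version-update PR for those artifacts, so a fix release for any of them has to be noticed and bumped by hand. As far as I know Dependabot also applies name-only ignores to its security-update PRs, which is worth confirming against the current documentation. Where the constraint is really a version ceiling, as the ApacheDS comment suggests, bounding that entry with a `versions:` range would keep updates below the ceiling flowing. The `sjohnr/*` ignore in the github-actions block is the only entry without a rationale; a trailing comment such as `# <reason these actions are updated manually>` would match the others.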
+++ b/.github/workflows/update-dependabot.yml
@@ -0,0 +1,37 @@
+name: Update dependabot.yml
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 0 * * *' # Once per day at midnight UTC
+
+permissions:
+ contents: read
+
+jobs:
+
+ get-supported-branches:
+ uses: spring-io/spring-security-release-tools/.github/workflows/retrieve-spring-supported-versions.yml@d615a5694c761901330655fdd0e3721dc4ccf0fe
+ with:
+ project: spring-security
+ type: oss
+
+ main:
+ runs-on: ubuntu-latest
+ needs: [get-supported-branches]
+ if: ${{ (github.repository == 'spring-projects/spring-security') && (github.ref == 'refs/heads/main') }}
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+ - uses: marcusdacoregio/generate-dependabot-yml@380cfc736e153864e970429ea6a640ce46953a17
+ name: Update dependabot.yml
+ with:
+ gradle-branches: ${{ needs.get-supported-branches.outputs.supported_versions }},main
+ github-actions-branches: ${{ needs.get-supported-branches.outputs.supported_versions }},main,docs-build
+ gh-token: ${{ secrets.GITHUB_TOKEN }}
+ - uses: stefanzweifel/git-auto-commit-action@v5
+ with:
+ commit_message: Update dependabot.yml
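Review bot: `actions/checkout@v4` and `stefanzweifel/git-auto-commit-action@v5` are referenced by mutable tag in the `main` job, which holds `contents: write`, while the reusable workflow and `generate-dependabot-yml` in the same file are pinned to full commit SHAs. A retagged release of either action would run with a token that can push to the default branch, so both should be pinned the same way, e.g. `- uses: stefanzweifel/git-auto-commit-action@<full-commit-sha> # v5`. The repository/ref condition is set only on `main`; `get-supported-branches` has no `if:`, so it still runs wherever the schedule is enabled, and repeating the condition there would keep the two jobs consistent.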