ci: add Release Drafter, semantic PR check, Dependabot + labels (#3)

Author: CoderDeltaLAN

.github/dependabot.yml

@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "04:00"
+      timezone: "Europe/Lisbon"
+    open-pull-requests-limit: 10
+    labels: ["deps","ci"]
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "04:15"
+      timezone: "Europe/Lisbon"
+    open-pull-requests-limit: 10
+    labels: ["deps","python"]
+    versioning-strategy: increase-if-necessary

.github/release-drafter.yml

@@ -0,0 +1,25 @@
+name-template: 'v$NEXT_PATCH_VERSION'
+tag-template: 'v$NEXT_PATCH_VERSION'
+change-template: '- $TITLE (#$NUMBER)'
+no-changes-template: 'No user-facing changes.'
+
+categories:
+  - title: '🚀 Features'
+    labels: ['feat','feature','enhancement']
+  - title: '🐛 Fixes'
+    labels: ['fix','bug','bugfix']
+  - title: '🧰 Chores'
+    labels: ['chore','build','deps']
+  - title: '📚 Docs'
+    labels: ['docs']
+  - title: '🧪 CI'
+    labels: ['ci']
+
+version-resolver:
+  major:
+    labels: ['major']
+  minor:
+    labels: ['minor','feat']
+  patch:
+    labels: ['patch','fix','chore','docs','ci','build','deps']
+  default: patch

.github/workflows/dependabot-label.yml

@@ -0,0 +1,37 @@
+name: dependabot metadata and labels
+on:
+  pull_request_target:
+    types: [opened, edited, synchronize, reopened]
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  label:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Apply labels
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const core = require('@actions/core');
+            const sev = core.getInput('severity');
+            const ecosys = core.getInput('package-ecosystem');
+            const labels = new Set(['deps']);
+            if (ecosys) labels.add(`deps:${ecosys}`);
+            if (sev) labels.add(`security:${sev.toLowerCase()}`);
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              labels: Array.from(labels)
+            });
+        env:
+          severity: ${{ steps.meta.outputs.security-advisory-severity }}
+          package-ecosystem: ${{ steps.meta.outputs.package-ecosystem }}

.github/workflows/release-drafter.yml

@@ -0,0 +1,21 @@
+name: Release Drafter
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    types: [opened, edited, reopened, synchronize, ready_for_review, labeled, unlabeled, closed]
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/semantic-pr.yml

@@ -0,0 +1,30 @@
+name: semantic PR title
+on:
+  pull_request_target:
+    types: [opened, edited, synchronize, reopened, ready_for_review]
+
+permissions:
+  pull-requests: read
+  statuses: write
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |
+            chore
+            ci
+            docs
+            feat
+            fix
+            perf
+            refactor
+            test
+            build
+          requireScope: false
+          subjectPattern: ^.+$
+          wip: true

_ci_logs/black.post.yml.log

@@ -0,0 +1,2 @@
+All done! ✨ 🍰 ✨
+9 files would be left unchanged.

_ci_logs/mypy.post.yml.log

@@ -0,0 +1 @@
+Success: no issues found in 3 source files

_ci_logs/pytest.post.yml.log

@@ -0,0 +1,12 @@
+.............                                                            [100%]
+
+---------- coverage: platform linux, python 3.12.6-final-0 -----------
+Name                             Stmts   Miss  Cover   Missing
+--------------------------------------------------------------
+src/osv_vuln_bot/__init__.py         2      0   100%
+src/osv_vuln_bot/cli.py             41      0   100%
+src/osv_vuln_bot/osv_client.py      73      4    95%   53-54, 72-73
+--------------------------------------------------------------
+TOTAL                              116      4    97%
+
+Required test coverage of 95% reached. Total coverage: 96.55%

_ci_logs/ruff.post.yml.log

@@ -0,0 +1 @@
+All checks passed!