Updated GitHub workflows (#50)

Nikita-Smirnov-Exactpro · web-flow · commit 9e973bd93d00 · 2025-08-08T15:26:16.000+04:00
* Updated GitHub workflows
* added CODEOWNERS
* Updated dependabot.yml
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,10 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# more information about CODEOWNERS see by the link https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+*       @Nikita-Smirnov-Exactpro
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,14 +1,14 @@
 version: 2
 updates:
-  # Enable version updates for Gradle
-  - package-ecosystem: "gradle"
-    # Look for `build.gradle` file in the `root` directory
-    directory: "/"
-    # Check for updates every day (weekdays)
+  - package-ecosystem: gradle
+    directory: /
+    labels:
+      - dependencies
     schedule:
-      interval: "daily"
-    allow:
-      # Allow updates for Exactpro packages
-      - dependency-name: "com.exactpro*"
-    # Allow up to 10 open pull requests
-    open-pull-requests-limit: 10
+      interval: daily
+  - package-ecosystem: github-actions
+    directory: /
+    labels:
+      - dependencies
+    schedule:
+      interval: daily
diff --git a/.github/workflows/build-snapshot.yml b/.github/workflows/build-snapshot.yml
@@ -5,7 +5,6 @@ on:
     branches-ignore:
       - master
       - version-*
-      - dependabot*
     paths-ignore:
       - README.md
 
diff --git a/.github/workflows/ci-unwelcome-words.yml b/.github/workflows/ci-unwelcome-words.yml
@@ -6,6 +6,7 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
+    if: github.actor != 'dependabot[bot]'
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/dependabot-java-build.yml b/.github/workflows/dependabot-java-build.yml
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -0,0 +1,15 @@
+name: Scan licenses and vulnerabilities in java project
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1'
+
+jobs:
+  build:
+    uses: th2-net/.github/.github/workflows/compound-java-scan.yml@main
+    secrets:
+      nvd-api-key: ${{ secrets.NVD_APIKEY }}
+      cisa-domain: ${{ secrets.CISA_DOMAIN }}
+      cisa-user: ${{ secrets.CISA_USER }}
+      cisa-password: ${{ secrets.CISA_PWD }}
