diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..f6cfc74 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,10 @@ +# This is a comment. +# Each line is a file pattern followed by one or more owners. + +# more information about CODEOWNERS see by the link https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +# These owners will be the default owners for everything in +# the repo. Unless a later match takes precedence, +# @global-owner1 and @global-owner2 will be requested for +# review when someone opens a pull request. +* @Nikita-Smirnov-Exactpro diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8094d15..34dea22 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,14 +1,14 @@ version: 2 updates: - # Enable version updates for Gradle - - package-ecosystem: "gradle" - # Look for `build.gradle` file in the `root` directory - directory: "/" - # Check for updates every day (weekdays) + - package-ecosystem: gradle + directory: / + labels: + - dependencies schedule: - interval: "daily" - allow: - # Allow updates for Exactpro packages - - dependency-name: "com.exactpro*" - # Allow up to 10 open pull requests - open-pull-requests-limit: 10 + interval: daily + - package-ecosystem: github-actions + directory: / + labels: + - dependencies + schedule: + interval: daily \ No newline at end of file diff --git a/.github/workflows/build-sanpshot.yml b/.github/workflows/build-snapshot.yml similarity index 97% rename from .github/workflows/build-sanpshot.yml rename to .github/workflows/build-snapshot.yml index ef1681b..e934dc7 100644 --- a/.github/workflows/build-sanpshot.yml +++ b/.github/workflows/build-snapshot.yml @@ -5,7 +5,6 @@ on: branches-ignore: - master - version-* - - dependabot* paths-ignore: - README.md diff --git a/.github/workflows/ci-unwelcome-words.yml b/.github/workflows/ci-unwelcome-words.yml index 39d4010..1eb31c0 100644 --- a/.github/workflows/ci-unwelcome-words.yml +++ b/.github/workflows/ci-unwelcome-words.yml @@ -6,6 +6,7 @@ on: jobs: test: runs-on: ubuntu-latest + if: github.actor != 'dependabot[bot]' steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/dependabot-java-build.yml b/.github/workflows/dependabot-java-build.yml deleted file mode 100644 index 6947bf3..0000000 --- a/.github/workflows/dependabot-java-build.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Dependabot build check - -on: - push: - branches: - - dependabot* - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - # Build package - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: '11' - - name: Build with Gradle - run: ./gradlew --info clean build diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml new file mode 100644 index 0000000..0197710 --- /dev/null +++ b/.github/workflows/scan.yml @@ -0,0 +1,15 @@ +name: Scan licenses and vulnerabilities in java project + +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * 1' + +jobs: + build: + uses: th2-net/.github/.github/workflows/compound-java-scan.yml@main + secrets: + nvd-api-key: ${{ secrets.NVD_APIKEY }} + cisa-domain: ${{ secrets.CISA_DOMAIN }} + cisa-user: ${{ secrets.CISA_USER }} + cisa-password: ${{ secrets.CISA_PWD }} \ No newline at end of file