From 9683ee532a0d9c595fbf7cbd0999c4f07f1fc47f Mon Sep 17 00:00:00 2001
From: Daniel Pepper <pepper.daniel@gmail.com>
Date: Sun, 12 Feb 2023 20:46:54 -0800
Subject: [PATCH] add lockfile and dependabot

---
 .github/dependabot.yml           | 16 +++++++++
 .github/workflows/dependabot.yml | 32 +++++++++++++++++
 .github/workflows/ruby.yml       | 13 +++----
 .gitignore                       |  1 -
 Gemfile.lock                     | 61 ++++++++++++++++++++++++++++++++
 5 files changed, 114 insertions(+), 9 deletions(-)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/dependabot.yml
 create mode 100644 Gemfile.lock

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..c0e71d8
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    pull-request-branch-name:
+      separator: "-"
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    pull-request-branch-name:
+      separator: "-"
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 0000000..2d9f9fe
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,32 @@
+name: Dependabot automations
+on: pull_request
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+    steps:
+      - uses: actions/checkout@v3
+      - name: checkout PR branch
+        # set upstream for other gh commands
+        run: gh pr checkout ${{github.event.pull_request.number}}
+      - name: Fetch PR metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+      - name: Approve PR
+        if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: |
+          if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ]; then
+            gh pr review --approve
+          else
+            echo "PR already approved"
+          fi
+      - name: Enable auto-merge
+        if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr merge --auto --squash
+
+permissions:
+  contents: write
+  pull-requests: write
diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
index 7f5fc06..2d4ab33 100644
--- a/.github/workflows/ruby.yml
+++ b/.github/workflows/ruby.yml
@@ -1,10 +1,8 @@
-# install dependencies and run tests
-# https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+name: Ruby
 
 on:
   push:
-    paths-ignore:
-    - '**.md'
+    branches: [ main ]
   pull_request:
     types: [ opened, edited, synchronize ]
 
@@ -13,20 +11,19 @@ jobs:
     runs-on: ubuntu-latest
 
     strategy:
+      fail-fast: false
       matrix:
-        ruby-version: [ 3.0, 2.7 ]
+        ruby-version: [ 3.1, 3.0, 2.7 ]
 
     name: Ruby ${{ matrix.ruby-version }}
 
     steps:
       - name: clone ${{ github.repository }}
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: setup Ruby ${{ matrix.ruby-version }}
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version }}
           bundler-cache: true
-      - name: install dependencies
-        run: bundle install
       - name: run tests
         run: bundle exec rspec
diff --git a/.gitignore b/.gitignore
index a9cc406..af31c1b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
 *.gem
 .byebug_history
 coverage
-Gemfile.lock
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..754c13e
--- /dev/null
+++ b/Gemfile.lock
@@ -0,0 +1,61 @@
+PATH
+  remote: .
+  specs:
+    rspec-uuid (0.5.0)
+      rspec-expectations (>= 3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.4.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    byebug (11.1.3)
+    codecov (0.6.0)
+      simplecov (>= 0.15, < 0.22)
+    concurrent-ruby (1.2.0)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    faker (3.1.1)
+      i18n (>= 1.8.11, < 2)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    minitest (5.17.0)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.1)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activesupport
+  byebug
+  codecov
+  faker
+  rspec
+  rspec-uuid!
+  simplecov
+
+BUNDLED WITH
+   2.3.17