Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(dependabot): add dependabot.yml configuration #1473

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
version: 2
updates:
- package-ecosystem: "github-actions" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "weekly"

40 changes: 40 additions & 0 deletions .github/release-drafts/increasing-minor-version.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
_extends: .github:.github/release-drafts/increasing-minor-version.yml
template: |
# :mega: Play $NEXT_MINOR_VERSION Released

The Play Team is proud to announce the release of Play $NEXT_MINOR_VERSION. This release adds many new features and continues our efforts to make Play more modular, flexible, and secure. Play $NEXT_MINOR_VERSION is the result of more than **X months** of relentless work from our fantastic community, comprehending **more than a thousand (TODO?) changes** made from **X contributors**.

## :green_book: What is new?

The highlights in Play $NEXT_MINOR_VERSION include, but are not limited by:

To get started with Play, follow the instructions in our [Getting Started page](https://www.playframework.com/documentation/1.5.x/home#started).

## Full Changelog

Following pull requests got merged for this release:
<details>
<summary>Following pull requests got merged for this release (click to expand)</summary>

$CHANGES
</details>

For more details see the [full list of changes](https://github.com/playframework/play1/compare/$PREVIOUS_TAG...$NEXT_MINOR_VERSION/) and the [$NEXT_MINOR_VERSION milestone](https://github.com/playframework/play1/issues?page=1&q=milestone%3A%22$NEXT_MINOR_VERSION%22).

## 🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!


categories:
- title: '🚀 Features'
labels:
- 'feature'
- 'refactoring'
- title: '🐛 Bug Fixes'
label: 'bug'
- title: 📦 Dependency updates
label: 'dependencies'
- title: 📖 Documentation
label: 'documentation'
23 changes: 23 additions & 0 deletions .github/release-drafts/release-drafter.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Release Drafter

on:
push:
branches:
- master

permissions: {}
jobs:
update_release_draft:
permissions:
pull-requests: write # to add label to PR (release-drafter/release-drafter)
contents: write # to create a github release (release-drafter/release-drafter)

runs-on: ubuntu-latest
steps:
- uses: release-drafter/release-drafter@v6
with:
name: "Play $RESOLVED_VERSION"
config-name: release-drafts/increasing-minor-version.yml # located in .github/ in the default branch within this or the .github repo
commitish: ${{ env.GITHUB_REF_NAME }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
58 changes: 58 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
name: "CodeQL"

on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
schedule:
- cron: '15 1 * * 6'

jobs:
analyze:
name: Analyze
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners
# Consider using larger runners for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
# required for all workflows
security-events: write

# only required for workflows in private repositories
actions: read
contents: read

strategy:
fail-fast: false
matrix:
language: [ 'java-kotlin', 'javascript-typescript', 'python' ]

steps:
- name: Checkout repository
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality

- name: Build with Ant
if: ${{ matrix.language }} == 'java-kotlin'
working-directory: ./framework
run: ant jar

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
Loading