diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..253bcb7
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..fea1d11
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,22 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
diff --git a/.github/workflows/issues-close-inactive.yml b/.github/workflows/issues-close-inactive.yml
index c35062f..c1cb463 100644
--- a/.github/workflows/issues-close-inactive.yml
+++ b/.github/workflows/issues-close-inactive.yml
@@ -6,8 +6,14 @@ on: schedule: - cron: "0 6 * * *" +permissions: + contents: read + jobs: close-inactive-issues: + permissions: + issues: write # for actions-cool/issues-helper to update issues + pull-requests: write # for actions-cool/issues-helper to update PRs runs-on: ubuntu-latest steps: - name: close-issues
diff --git a/.github/workflows/issues-find-inactive.yml b/.github/workflows/issues-find-inactive.yml
index 685f5ee..94ecddf 100644
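Review bot: The `Checkout Repository` step in `.github/workflows/dependency-review.yml` leaves `actions/checkout` at its default of persisting the job token in the checkout's git configuration. With `contents: read` the exposure is small, but the job runs on every pull request and no later step needs git credentials, so the step could carry `with:` and `persist-credentials: false`. The `Dependency Review` step also sets no `fail-on-severity`, so the action's default threshold decides which advisories block a PR; stating it explicitly, for example `fail-on-severity: moderate`, would make the gate reviewable in the file itself.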
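Review bot: The job-level `permissions:` block added in `issues-close-inactive.yml` grants `pull-requests: write` next to `issues: write`, and the same pair is repeated in `issues-find-inactive.yml`, `issues-notify-inactive.yml` and `issues-remove-inactive.yml`. Where a job only touches issues (`issues-notify-inactive.yml` is triggered solely by `issues: types: [labeled]`), the PR scope looks unnecessary and could be dropped to keep the token minimal. A job-level block replaces the workflow-level one rather than adding to it, so the new top-level `contents: read` does not reach these jobs; a comment such as `# job token: issue/PR write only, no contents access` would make that explicit. The `uses:` lines for actions-cool/issues-helper are outside these hunks; if they reference a tag, pinning them to a commit SHA as `dependency-review.yml` does would fit the write scopes they now receive.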
--- a/.github/workflows/issues-find-inactive.yml
+++ b/.github/workflows/issues-find-inactive.yml
@@ -6,8 +6,14 @@ on: schedule: - cron: "0 5 * * *" +permissions: + contents: read + jobs: check-inactive: + permissions: + issues: write # for actions-cool/issues-helper to update issues + pull-requests: write # for actions-cool/issues-helper to update PRs runs-on: ubuntu-latest steps: - name: check-inactive
diff --git a/.github/workflows/issues-notify-inactive.yml b/.github/workflows/issues-notify-inactive.yml
index 2fe8a06..79ecb71 100644
--- a/.github/workflows/issues-notify-inactive.yml
+++ b/.github/workflows/issues-notify-inactive.yml
@@ -6,8 +6,14 @@ on: issues: types: [labeled] +permissions: + contents: read + jobs: issue-labeled: + permissions: + issues: write # for actions-cool/issues-helper to update issues + pull-requests: write # for actions-cool/issues-helper to update PRs runs-on: ubuntu-latest steps: - name: Create comment
diff --git a/.github/workflows/issues-remove-inactive.yml b/.github/workflows/issues-remove-inactive.yml
index e882e77..1643fc3 100644
--- a/.github/workflows/issues-remove-inactive.yml
+++ b/.github/workflows/issues-remove-inactive.yml
@@ -8,8 +8,14 @@ on: issue_comment: types: [created, edited] +permissions: + contents: read + jobs: remove-inactive: + permissions: + issues: write # for actions-cool/issues-helper to update issues + pull-requests: write # for actions-cool/issues-helper to update PRs runs-on: ubuntu-latest steps: - name: remove inactive
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..cba0860
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,10 @@
+repos:
+- repo: https://github.com/gitleaks/gitleaks
+ rev: v8.16.3
+ hooks:
+ - id: gitleaks
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
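Review bot: The `remove-inactive` job in `issues-remove-inactive.yml` is triggered by `issue_comment` (created, edited), so a comment from any user starts a job that now holds `issues: write` and `pull-requests: write`. The steps are outside the hunk; it is worth confirming that they pass only the issue number to the helper and do not expand comment text such as `${{ github.event.comment.body }}` inside a `run:` script. If comments on pull requests need no handling, a job-level `if: ${{ !github.event.issue.pull_request }}` would allow `pull-requests: write` to be dropped here.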
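Review bot: Both `rev:` values in `.pre-commit-config.yaml` (`v8.16.3` for gitleaks, `v4.4.0` for pre-commit-hooks) are tags, while the workflow added in the same commit pins its actions by commit SHA. `rev` accepts a full commit SHA with the tag kept as a trailing comment, for example `rev: <commit-sha>  # v8.16.3`. The Dependabot config added here lists only `github-actions`, so nothing in this commit will bump these revs. The gitleaks hook also runs only where contributors have installed pre-commit and can be skipped locally, and no CI job in this diff runs it, so a server-side secret scan would be needed for it to act as a gate.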