Skip to content

Dependabot changes #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
GitTimeraider merged 1 commit into from
Mar 23, 2026
Merged

Dependabot changes #107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,16 @@ updates:
directory: "/"
schedule:
interval: "weekly"
target-branch: "develop"

- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "weekly"
target-branch: "develop"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
target-branch: "develop"
43 changes: 43 additions & 0 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: "CodeQL Analysis"

Comment on lines +1 to +2
Copy link

Copilot AI Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR title implies only Dependabot-related changes, but this PR also adds a new CodeQL workflow. Consider updating the PR title/description to reflect the CodeQL addition so reviewers and release notes aren’t misleading.

Copilot uses AI. Check for mistakes.
on:
push:
branches:
- develop
pull_request:
branches:
Comment on lines +5 to +8
Copy link

Copilot AI Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This workflow is scoped to develop only. In this repo there are workflows that run on main as well (e.g., docker-publish.yml), so CodeQL scanning may not run for pushes/PRs targeting main. If main is an active integration or default branch, add it to the push/pull_request branch filters (or omit filters) to ensure code scanning results are produced where they’re most useful.

Suggested change
branches:
- develop
pull_request:
branches:
branches:
- main
- develop
pull_request:
branches:
- main

Copilot uses AI. Check for mistakes.
- develop
schedule:
- cron: "0 3 * * 1"

jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read

strategy:
fail-fast: false
matrix:
language:
- python

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@v3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{ matrix.language }}"
Loading