Skip to content

Commit a62107f

Browse files
ofershapcursoragent
ofershap
and
cursoragent
committed
ci: bump actions/checkout to v6, group dependabot PRs, add auto-merge
- Bump actions/checkout from v4 to v6 across all workflows - Reconfigure dependabot to group all deps into single PRs - Add workflow to auto-merge dependabot PRs after checks pass Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent ab08ad9 commit a62107f

6 files changed

Lines changed: 39 additions & 16 deletions

File tree

.github/dependabot.yml

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,14 +4,17 @@ updates:
44
directory: /
55
schedule:
66
interval: weekly
7-
open-pull-requests-limit: 10
7+
open-pull-requests-limit: 5
88
groups:
9-
minor-and-patch:
10-
update-types:
11-
- minor
12-
- patch
9+
all-dependencies:
10+
patterns:
11+
- "*"
1312
- package-ecosystem: github-actions
1413
directory: /
1514
schedule:
1615
interval: weekly
1716
open-pull-requests-limit: 5
17+
groups:
18+
all-actions:
19+
patterns:
20+
- "*"

.github/workflows/ci.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
matrix:
1414
node-version: [20, 22]
1515
steps:
16-
- uses: actions/checkout@v4
16+
- uses: actions/checkout@v6
1717
- uses: actions/setup-node@v6
1818
with:
1919
node-version: ${{ matrix.node-version }}

.github/workflows/codeql.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
matrix:
2121
language: [javascript-typescript]
2222
steps:
23-
- uses: actions/checkout@v4
23+
- uses: actions/checkout@v6
2424
- uses: github/codeql-action/init@v4
2525
with:
2626
languages: ${{ matrix.language }}

.github/workflows/dependabot-auto-merge.yml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
name: Dependabot Auto-Merge
2+
3+
on: pull_request
4+
5+
permissions:
6+
contents: write
7+
pull-requests: write
8+
9+
jobs:
10+
auto-merge:
11+
runs-on: ubuntu-latest
12+
if: github.actor == 'dependabot[bot]'
13+
steps:
14+
- uses: actions/checkout@v6
15+
- run: gh pr merge --auto --squash "$PR_URL"
16+
env:
17+
PR_URL: ${{ github.event.pull_request.html_url }}
18+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -5,25 +5,27 @@ on:
55
branches: [main]
66

77
permissions:
8-
contents: write
9-
issues: write
10-
pull-requests: write
8+
contents: read
119

1210
jobs:
1311
release:
1412
runs-on: ubuntu-latest
13+
permissions:
14+
contents: write
15+
issues: write
16+
pull-requests: write
17+
id-token: write
1518
steps:
16-
- uses: actions/checkout@v4
19+
- uses: actions/checkout@v6
1720
with:
1821
fetch-depth: 0
1922
- uses: actions/setup-node@v6
2023
with:
21-
node-version: 22
22-
cache: npm
23-
- run: npm ci
24+
node-version: lts/*
25+
- run: npm clean-install
26+
- run: npm audit signatures
2427
- run: npm run build
2528
- run: npm test
2629
- run: npx semantic-release
2730
env:
2831
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
29-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/scorecard.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ jobs:
1515
security-events: write
1616
id-token: write
1717
steps:
18-
- uses: actions/checkout@v4
18+
- uses: actions/checkout@v6
1919
with:
2020
persist-credentials: false
2121
- uses: ossf/scorecard-action@v2.4.3

0 commit comments

Comments
 (0)