diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 418151e..15fe7f0 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,9 +1,11 @@
+---
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
 version: 2
+
 updates:
 - package-ecosystem: "bundler"
 directory: "/"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 3005a11..1d2830c 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -1,21 +1,28 @@
-# Need a GitHub Advanced Security license to run this action on private repos.
-
+---
 name: Dependency Review
+
 on:
 pull_request:
- types: [opened, edited, reopened, synchronize]
+ types:
+ - edited
+ - opened
+ - reopened
+ - synchronize
-permissions:
- contents: read
+permissions: {}
 jobs:
 dependency-review:
+ name: Dependency Review
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
- - name: Checkout Repository
- uses: actions/checkout@v4
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
 - name: Dependency Review
- uses: actions/dependency-review-action@v3
+ uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
 with:
- # Possible values: critical, high, moderate, low
 fail-on-severity: critical
diff --git a/.github/workflows/format-code.yml b/.github/workflows/format-code.yml
deleted file mode 100644
index 5a82751..0000000
--- a/.github/workflows/format-code.yml
+++ /dev/null
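Review bot: The commit-SHA pins on the two `uses:` lines in dependency-review.yml only stay meaningful if something refreshes them, and the dependabot.yml hunk earlier in this diff shows a `bundler` entry only; unless a `package-ecosystem: "github-actions"` entry already exists below that hunk, add one so the `# v4.1.1` and `# v4.1.3` comments do not drift from the pinned commits. Dropping `# Possible values: critical, high, moderate, low` leaves the `fail-on-severity: critical` threshold undocumented; I would keep a one-liner above it such as `# Fail on advisories of this severity or higher (critical, high, moderate, low).`. The `id: checkout` added to the first step is not referenced anywhere in this file and can be dropped. The workflow-level `permissions: {}` with job-level `contents: read` is the right least-privilege shape for this action as long as `comment-summary-in-pr` is left unset.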
@@ -1,14 +0,0 @@
-name: code-formatter
-
-on:
- pull_request:
- types: [opened, edited, reopened, synchronize]
-
-jobs:
- format-code:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: ministryofjustice/github-actions/code-formatter@v14
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/LICENSE b/LICENSE
index a2d7257..c5a24ab 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2022 Crown Copyright (Ministry of Justice)
+Copyright (c) 2024 Crown Copyright (Ministry of Justice)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
index 967ab38..b6878d8 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,8 @@ The repository comes with the following preset files:
 - .gitignore
 - CODEOWNERS
 - dependabot.yml
-- GitHub Actions example file
-- Ministry of Justice Compliance Badge (Public repositories only)
+- GitHub Actions example files
+- Ministry of Justice Compliance Badge (public repositories only)
 ## Setup Instructions
@@ -61,4 +61,6 @@ To add an Outside Collaborator to the repository, follow the guidelines detailed
 Adapt the dependabot.yml file to match your project's [dependency manager](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) and to enable [automated pull requests for package updates](https://docs.github.com/en/code-security/supply-chain-security).
-If your repository is private with no GitHub Advanced Security license, remove the .github/workflows/dependency-review.yml file.
+### Dependency Review
+
+If your repository is private with no GitHub Advanced Security license, remove the `.github/workflows/dependency-review.yml` file.