From 97d409e7e99158ea462b3032ae5c12d0bea396ce Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Tue, 20 Feb 2024 22:39:29 +0000 Subject: [PATCH 1/3] Update LICENSE year Update README wording Update Dependabot ecosystems Update GitHub Actions workflow files Signed-off-by: Jacob Woffenden --- .github/dependabot.yml | 6 ++++++ .github/workflows/code-formatter.yml | 27 +++++++++++++++++++++++++ .github/workflows/dependency-review.yml | 24 ++++++++++++++-------- .github/workflows/format-code.yml | 14 ------------- LICENSE | 2 +- README.md | 8 +++++--- 6 files changed, 55 insertions(+), 26 deletions(-) create mode 100644 .github/workflows/code-formatter.yml delete mode 100644 .github/workflows/format-code.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 418151e..2b4ab5c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,9 +1,11 @@ +--- # To get started with Dependabot version updates, you'll need to specify which # package ecosystems to update and where the package manifests are located. # Please see the documentation for all configuration options: # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file version: 2 + updates: - package-ecosystem: "bundler" directory: "/" @@ -33,3 +35,7 @@ updates: directory: "/" schedule: interval: "daily" + - package-ecosystem: "devcontainers" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/code-formatter.yml b/.github/workflows/code-formatter.yml new file mode 100644 index 0000000..0b60631 --- /dev/null +++ b/.github/workflows/code-formatter.yml 
@@ -0,0 +1,27 @@
+---
+name: Code Formatter
+
+on:
+ pull_request:
+ types:
+ - edited
+ - opened
+ - reopened
+ - synchronize
+
+permissions: {}
+
+jobs:
+ code-formatter:
+ name: Code Formatter
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - uses: ministryofjustice/github-actions/code-formatter@1b6396ceb7bf09e741789c4e7eb7b329d5113066 # v15.4.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 3005a11..6d25b2f 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -1,21 +1,29 @@ -# Need a GitHub Advanced Security license to run this action on private repos. - +--- name: Dependency Review + on: pull_request: - types: [opened, edited, reopened, synchronize] + types: + - edited + - opened + - reopened + - synchronize -permissions: - contents: read +permissions: {} jobs: dependency-review: + name: Dependency Review runs-on: ubuntu-latest + permissions: + contents: read steps: - - name: Checkout Repository - uses: actions/checkout@v4 + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Dependency Review - uses: actions/dependency-review-action@v3 + uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 with: # Possible values: critical, high, moderate, low fail-on-severity: critical
diff --git a/.github/workflows/format-code.yml b/.github/workflows/format-code.yml
deleted file mode 100644
index 5a82751..0000000
--- a/.github/workflows/format-code.yml
+++ /dev/null
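Review bot: The `code-formatter` job grants `contents: write` on a plain `pull_request` trigger with no guard for forked pull requests. By default GitHub gives fork-triggered runs a read-only `GITHUB_TOKEN`, so the formatter step, which presumably pushes a commit, would fail there instead of being skipped. Adding `if: github.event.pull_request.head.repo.full_name == github.repository` to the job makes that explicit and confines the write-scoped token to same-repository branches. The `edited` type fires on title and description changes, which cannot alter what needs formatting, so it could be dropped from `types`. The formatter step also has no `name:`, unlike the Checkout step above it.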
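Review bot: `fail-on-severity: critical` at the end of this hunk fails a pull request only when it introduces a critical advisory, so high and moderate findings pass the gate, whereas the action's default threshold is `low`. If that leniency is deliberate, a comment above the key saying why would help; otherwise `fail-on-severity: high` is a tighter setting. The hunk also drops the header comment about private repositories needing a GitHub Advanced Security licence; a line such as `# Requires GitHub Advanced Security on private repositories` under `---` would keep that visible to anyone who copies the workflow without the README. Since this job only reads the repository, the Checkout step could add `with:` / `persist-credentials: false` so the token is not left in the local git config.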
@@ -1,14 +0,0 @@
-name: code-formatter
-
-on:
- pull_request:
- types: [opened, edited, reopened, synchronize]
-
-jobs:
- format-code:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: ministryofjustice/github-actions/code-formatter@v14
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/LICENSE b/LICENSE
index a2d7257..c5a24ab 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@ MIT License -Copyright (c) 2022 Crown Copyright (Ministry of Justice) +Copyright (c) 2024 Crown Copyright (Ministry of Justice) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
index 967ab38..b6878d8 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,8 @@ The repository comes with the following preset files: - .gitignore - CODEOWNERS - dependabot.yml -- GitHub Actions example file -- Ministry of Justice Compliance Badge (Public repositories only) +- GitHub Actions example files +- Ministry of Justice Compliance Badge (public repositories only) ## Setup Instructions
@@ -61,4 +61,6 @@ To add an Outside Collaborator to the repository, follow the guidelines detailed Adapt the dependabot.yml file to match your project's [dependency manager](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) and to enable [automated pull requests for package updates](https://docs.github.com/en/code-security/supply-chain-security). -If your repository is private with no GitHub Advanced Security license, remove the .github/workflows/dependency-review.yml file. +### Dependency Review + +If your repository is private with no GitHub Advanced Security license, remove the `.github/workflows/dependency-review.yml` file.
From c0edc6299e6574b1702fe3d5d12d4666c81c8767 Mon Sep 17 00:00:00 2001
From: Jacob Woffenden Date: Wed, 21 Feb 2024 09:18:17 +0000 Subject: [PATCH 2/3] Update dependency-review.yml --- .github/workflows/dependency-review.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 6d25b2f..1d2830c 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -25,5 +25,4 @@ jobs: - name: Dependency Review uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 with: - # Possible values: critical, high, moderate, low fail-on-severity: critical From 6e33c183561a33e0d6b810e37e1ec4d5c51400ae Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 22 Feb 2024 16:41:37 +0000 Subject: [PATCH 3/3] Remove code formatter workflow Remove devcontainers ecosystem Signed-off-by: Jacob Woffenden --- .github/dependabot.yml | 4 ---- .github/workflows/code-formatter.yml | 27 --------------------------- 2 files changed, 31 deletions(-) delete mode 100644 .github/workflows/code-formatter.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2b4ab5c..15fe7f0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -35,7 +35,3 @@ updates: directory: "/" schedule: interval: "daily" - - package-ecosystem: "devcontainers" - directory: "/" - schedule: - interval: "daily" diff --git a/.github/workflows/code-formatter.yml b/.github/workflows/code-formatter.yml deleted file mode 100644 index 0b60631..0000000 --- a/.github/workflows/code-formatter.yml +++ /dev/null 
@@ -1,27 +0,0 @@
----
-name: Code Formatter
-
-on:
- pull_request:
- types:
- - edited
- - opened
- - reopened
- - synchronize
-
-permissions: {}
-
-jobs:
- code-formatter:
- name: Code Formatter
- runs-on: ubuntu-latest
- permissions:
- contents: write
- steps:
- - name: Checkout
- id: checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
- - uses: ministryofjustice/github-actions/code-formatter@1b6396ceb7bf09e741789c4e7eb7b329d5113066 # v15.4.1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}