From 077b0d23f1c21c3f7d7c5d2e3f003a33dca1d1ff Mon Sep 17 00:00:00 2001
From: Topmatrix Mor
Date: Sat, 20 Jun 2026 05:17:11 +0000
Subject: [PATCH] feat: implement automated dependency updates via Dependabot (#263)
- Add .github/dependabot.yml with weekly npm ecosystem updates
- Group minor/patch updates for production and dev dependencies
- Limit open PRs to 5 to avoid spamming the PR board
- Update .github/workflows/ci.yml with full Lint, Test, Build pipeline
- Use actions/setup-node@v4 with npm caching for faster runs
- Build job depends on lint and test passing (fail-fast)
- Pipeline triggers on push/PR to main, covering all Dependabot PRs
Closes #263
---
 .github/dependabot.yml | 34 +++++++++++++++++++++++
 .github/workflows/ci.yml | 59 ++++++++++++++++++++++++++++++++++++++--
 2 files changed, 90 insertions(+), 3 deletions(-)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..e0be595
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,34 @@
+version: 2
+
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "09:00"
+ timezone: "UTC"
+ # Group all non-major updates into a single PR to reduce noise
+ groups:
+ production-dependencies:
+ dependency-type: "production"
+ update-types:
+ - "minor"
+ - "patch"
+ development-dependencies:
+ dependency-type: "development"
+ update-types:
+ - "minor"
+ - "patch"
+ # Limit open PRs to avoid overwhelming the board
+ open-pull-requests-limit: 5
+ # Keep PR titles descriptive
+ commit-message:
+ prefix: "chore(deps)"
+ prefix-development: "chore(deps-dev)"
+ include: "scope"
+ labels:
+ - "dependencies"
+ - "automated"
+ # Target the main branch
+ target-branch: "main"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f167700..4e4a24b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
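Review bot: The `updates:` list in `.github/dependabot.yml` tracks only the `npm` ecosystem, so the `actions/checkout@v4` and `actions/setup-node@v4` references that this same commit adds to the workflow are never updated by Dependabot. A second entry for `github-actions`, as below, keeps them current and makes pinning them to commit SHAs maintainable. Separately, GitHub's documentation states that once `target-branch` is set, the entry's settings no longer apply to security-update pull requests. If `main` is already the default branch (not visible here), the `target-branch: "main"` line is best dropped.

```yaml
updates:
  # … unchanged: npm entry …
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```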
@@ -1,13 +1,66 @@
 name: Web CI
-on: [push, pull_request]
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ branches: ["main"]
 jobs:
- check:
+ security:
+ name: Security Audit
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: "npm"
+ - run: npm ci --prefer-offline
 - name: Security Audit
 run: npm audit --audit-level=critical
 - name: Verify Package Integrity
 run: ls src/app/page.tsx
+
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: "npm"
+ - run: npm ci --prefer-offline
+ - name: Run ESLint
+ run: npm run lint
+
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: "npm"
+ - run: npm ci --prefer-offline
+ - name: Run Tests
+ run: npm test -- --ci --passWithNoTests
+
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ needs: [lint, test]
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: "npm"
+ - run: npm ci --prefer-offline
+ - name: Build
+ run: npm run build
+ env:
+ # Prevent build failures from missing optional env vars
+ NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL || 'http://localhost:3001' }}
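Review bot: The rewritten workflow declares no `permissions:`, so all four jobs, which run `npm ci`, `npm test` and `npm run build` against whatever dependency versions a pull request proposes, inherit the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` block with `contents: read` would fix that to read-only. In the `build` job, `NEXT_PUBLIC_API_URL` is taken from `secrets`, yet the `NEXT_PUBLIC_` prefix suggests a value that ends up in the client bundle (presumably Next.js), so a configuration variable fits better: `${{ vars.NEXT_PUBLIC_API_URL || 'http://localhost:3001' }}`. The `security` job could also install with `npm ci --prefer-offline --ignore-scripts`, since `npm audit` works from the lockfile and does not need dependency install scripts to run.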