diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..41ff658 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,31 @@ +version: 2 + +updates: + # 1) GitHub Actions + - package-ecosystem: github-actions + directory: / # GitHub scans .github/workflows from here + schedule: + interval: weekly + day: monday + time: "03:00" + open-pull-requests-limit: 5 + assignees: ["VGau"] + labels: ["dependencies", "github-actions"] + commit-message: + prefix: "deps(actions)" + include: "scope" + groups: + core-actions-minor-patch: + update-types: ["minor", "patch"] + patterns: + - "actions/*" + - "github/*" + third-party-actions-minor-patch: + update-types: ["minor", "patch"] + patterns: + - "*" + exclude-patterns: + - "actions/*" + - "github/*" + cooldown: + default-days: 7 diff --git a/.github/workflows/nft-resolver-tests.yml b/.github/workflows/nft-resolver-tests.yml index 4bfdb81..b313d19 100644 --- a/.github/workflows/nft-resolver-tests.yml +++ b/.github/workflows/nft-resolver-tests.yml @@ -10,11 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v6 - name: Cache node modules id: cache-npm - uses: actions/cache@v4 + uses: actions/cache@v5 env: cache-name: cache-node-modules with: diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml new file mode 100644 index 0000000..c806541 --- /dev/null +++ b/.github/workflows/security-code-scanner.yml @@ -0,0 +1,32 @@ +name: Security Code Scanner + +on: + push: + branches: + - main + pull_request: + branches: + - main + workflow_call: + secrets: + SECURITY_SCAN_METRICS_TOKEN: + required: false + APPSEC_BOT_SLACK_WEBHOOK: + required: false + workflow_dispatch: + +jobs: + security-scan: + uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2 + permissions: + actions: read + contents: read + security-events: write + with: + repo: ${{ github.repository }} + scanner-ref: 'v2' + paths-ignored: | + + secrets: + project-metrics-token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }} + slack-webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}