From f65be139fe2213adf2bc05e76b8935b82cb8050c Mon Sep 17 00:00:00 2001 From: k-matsuzawa Date: Mon, 5 Jan 2026 13:00:06 +0900 Subject: [PATCH] feat: update CI and dependabot --- .github/dependabot.yml | 6 ++++ .github/workflows/docker-build.yml | 49 +++++++++++------------------- 2 files changed, 24 insertions(+), 31 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 11996786f..090b4bf8c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,3 +10,9 @@ updates: - '.github/**/*' schedule: interval: weekly + cooldown: + default-days: 3 + groups: + dependencies: + patterns: + - "*" diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 301b5eff6..ce1fd3696 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -11,33 +11,19 @@ env: # If you want to change the path, please set `secrets.IMAGE_PATH` . IMAGE_BASE_PATH: "ghcr.io/${{ github.repository_owner }}/electrs" -jobs: - check_image_env: - runs-on: ubuntu-24.04 - timeout-minutes: 120 - permissions: - contents: read - pull-requests: write - steps: - - name: stop CI - if: ${{ github.event_name != 'pull_request' }} - shell: bash - env: - TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - if [ "${{ secrets.REGISTRY_USERNAME }}" != "" ]; then - exit 0 ; - fi - curl -X POST -H "Content-Type: application/json" -H "Authorization: token $TOKEN" https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel - while true; do echo "Waiting for job to be cancelled"; sleep 5; done +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.sha }} + cancel-in-progress: true +jobs: build_and_push_elements_image: - runs-on: ubuntu-24.04 - needs: check_image_env + runs-on: ubuntu-latest timeout-minutes: 120 permissions: contents: read - pull-requests: write + packages: write + attestations: write + id-token: write steps: - name: checkout uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 @@ -65,7 +51,7 @@ jobs: uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: # list of Docker images to use as base name for tags - images: name=${{ steps.image_path.outputs.IMAGE_PATH }} + images: ${{ steps.image_path.outputs.IMAGE_PATH }} # generate Docker tags based on the following events/attributes tags: | type=ref,event=tag @@ -90,8 +76,8 @@ jobs: uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_TOKEN }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build only if: ${{ github.event_name == 'pull_request' }} @@ -123,12 +109,13 @@ jobs: severity: CRITICAL,HIGH build_and_push_bitcoin_image: - runs-on: ubuntu-24.04 - needs: check_image_env + runs-on: ubuntu-latest timeout-minutes: 120 permissions: contents: read - pull-requests: write + packages: write + attestations: write + id-token: write steps: - name: checkout uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 @@ -156,7 +143,7 @@ jobs: uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: # list of Docker images to use as base name for tags - images: name=${{ steps.image_path.outputs.IMAGE_PATH }} + images: ${{ steps.image_path.outputs.IMAGE_PATH }} # generate Docker tags based on the following events/attributes flavor: | latest=auto @@ -184,8 +171,8 @@ jobs: uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_TOKEN }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build only if: ${{ github.event_name == 'pull_request' }}