From 551f0907e8c63f2bc489af1dafccf0415194cfab Mon Sep 17 00:00:00 2001
From: Hans Olav Sund
Date: Thu, 15 Aug 2024 10:32:17 +0200
Subject: [PATCH] chore: close #102, add dependabot, codeql (#106)

* chore: close #102, add dependabot, codeql
---
 .github/dependabot.yaml | 16 ++++++++++++++++
 .github/workflows/codeql.yaml | 21 +++++++++++++++++++++
 .github/workflows/constraints.txt | 5 +++++
 .github/workflows/tests.yml | 17 ++++++-----------
 poetry.lock | 7 ++++---
 pyproject.toml | 2 +-
 6 files changed, 53 insertions(+), 15 deletions(-)
 create mode 100644 .github/dependabot.yaml
 create mode 100644 .github/workflows/codeql.yaml
 create mode 100644 .github/workflows/constraints.txt

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..ef99145
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "sunday"
+
+ # Maintain dependencies for pip, pipenv, poetry
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "sunday"
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..8d19d56
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,21 @@
+name: Code scanning (CodeQL)
+
+on:
+ pull_request:
+ types: [ready_for_review, opened, reopened, synchronize]
+ branches:
+ - main
+ push:
+ branches:
+ - master
+
+jobs:
+ codeql:
+ name: Run codeql
+ uses: Informasjonsforvaltning/workflows/.github/workflows/codeql.yaml@main
+ with:
+ language: python
+ python_version: '3.9'
+ python_architecture: x64
+ secrets:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/constraints.txt b/.github/workflows/constraints.txt
new file mode 100644
index 0000000..b210dce
--- /dev/null
+++ b/.github/workflows/constraints.txt
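Review bot: The `pip` entry in `.github/dependabot.yaml` scans only `directory: "/"`, so the tool pins this same commit adds in `.github/workflows/constraints.txt` (pip, pipx, nox, nox-poetry, poetry) fall outside it and would stay at their current versions until someone bumps them by hand. A further `pip` entry pointing at `/.github/workflows` should bring those pins under the same weekly schedule. The existing comment on the root entry could also say that it tracks `pyproject.toml` and `poetry.lock`, so the split between the two entries is clear to the next maintainer.

```yaml
# … unchanged: github-actions entry and root pip entry …

  # Maintain the CI tool pins in .github/workflows/constraints.txt
  - package-ecosystem: "pip"
    directory: "/.github/workflows"
    schedule:
      interval: "weekly"
      day: "sunday"
```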
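Review bot: The two triggers in `.github/workflows/codeql.yaml` name different branches, `pull_request` being limited to `main` and `push` to `master`, so whichever of the two is not this repository's default branch never starts a scan; both `branches:` lists should name the same branch. The job also calls `Informasjonsforvaltning/workflows/.github/workflows/codeql.yaml@main`, a mutable ref, and hands it `secrets.GITHUB_TOKEN`. Pinning the ref to a full commit SHA (`...codeql.yaml@<full-commit-sha>`, placeholder) keeps a later change on that branch from altering what runs here without review. The same `@main` reference is introduced for `test-nox.yaml` in the `.github/workflows/tests.yml` hunk.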
@@ -0,0 +1,5 @@ +pip==24.2 +pipx==1.4.3 +nox==2022.8.7 +nox-poetry==1.0.1 +poetry==1.2.2 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 149eb5a..503aa94 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -3,18 +3,13 @@ on: push jobs: tests: - runs-on: ubuntu-latest strategy: matrix: python-version: ['3.9'] name: Python ${{ matrix.python-version }} - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 - with: - python-version: ${{ matrix.python-version }} - architecture: x64 - - run: pip install nox==2022.8.7 - - run: pip install poetry==1.2.2 - - run: pip install nox-poetry==1.0.1 - - run: nox --python ${{ matrix.python-version }} + uses: Informasjonsforvaltning/workflows/.github/workflows/test-nox.yaml@main + with: + python_version: ${{ matrix.python-version }} + python_architecture: x64 + secrets: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/poetry.lock b/poetry.lock index 8fe3945..fdf4037 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. [[package]] name = "attrs" 
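Review bot: Nothing in the `.github/workflows/tests.yml` hunk limits the scope of the `GITHUB_TOKEN` that is forwarded as `GH_TOKEN` to the reusable workflow, so the token carries whatever default the repository or organisation grants. A top-level block of `permissions:` followed by `contents: read` would cap it at read access for a test run; if the called workflow needs more (not visible from here), those scopes should be listed explicitly instead. The two lines of the file above the hunk are not shown, so confirm no such block already exists there. With `runs-on` and the `steps:` list removed, the runner image and action versions are now decided entirely by the called workflow.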
@@ -1115,6 +1115,7 @@ files = [ {file = "PyYAML-6.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34"}, {file = "PyYAML-6.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28"}, {file = "PyYAML-6.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9"}, + {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef"}, {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0"}, {file = "PyYAML-6.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4"}, {file = "PyYAML-6.0.1-cp312-cp312-win32.whl", hash = "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54"}, @@ -1353,5 +1354,5 @@ zstd = ["zstandard (>=0.18.0)"] [metadata] lock-version = "2.0" -python-versions = ">=3.9,<3.11" -content-hash = "289177defbdaf1ca0094f320a91d35bdfda002c5ca9e5082a0bd29fec2567530" +python-versions = ">=3.9,<3.10" +content-hash = "d5869ca012629076b80de4fb7363fdaa405dca22520e183fa25431b2f4a0d4ab" diff --git a/pyproject.toml b/pyproject.toml index f6c7c16..ddf230f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,7 +6,7 @@ authors = ["Stig B. Dørmænen "] license = "Apache-2.0" [tool.poetry.dependencies] -python = ">=3.9,<3.11" +python = ">=3.9,<3.10" PyYAML = "^6.0" click = "^8.1.3" jsonpickle = "^2.2.0"
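Review bot: The new bound `python = ">=3.9,<3.10"` in `pyproject.toml` leaves 3.9 as the only interpreter the package will install on, and neither the commit message nor the file says why 3.10 was dropped. A comment above the line such as `# 3.10 excluded because <reason>` (placeholder) would record the intent. Upstream security support for Python 3.9 ends in October 2025, so this bound will need revisiting before then. The `[tool.poetry.dependencies]` table continues past the end of the hunk.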