diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..cb2aff7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: gomod + directory: "/" + schedule: + interval: daily + commit-message: + prefix: "Bump:" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5fa01c6..61b5aed 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,38 +1,32 @@ name: build +permissions: read-all + on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] - + workflow_dispatch: + inputs: + tag: + description: 'Tag to create' + required: true + default: 'v0.0.0' + +# See https://github.com/cristalhq/.github/.github/workflows jobs: - build: - name: Build & Test - runs-on: ubuntu-latest - steps: - - - name: Set up Go 1.x - uses: actions/setup-go@v2 - with: - go-version: ^1.15 - - - name: Check out code - uses: actions/checkout@v2 - - - name: Download module dependencies - env: - GOPROXY: "https://proxy.golang.org" - run: go mod download - - - name: Test - run: go test -v -coverprofile=coverage.txt ./... - - - name: Upload Coverage - uses: codecov/codecov-action@v1 - continue-on-error: true - with: - token: ${{secrets.CODECOV_TOKEN}} - file: ./coverage.txt - fail_ci_if_error: false + uses: cristalhq/.github/.github/workflows/build.yml@454df049fccd7d81729b0c567b75662a2b77e97a # v0.1.3 + + codeql: + permissions: + security-events: write + uses: cristalhq/.github/.github/workflows/codeql.yml@454df049fccd7d81729b0c567b75662a2b77e97a # v0.1.3 + + release: + if: github.event_name == 'workflow_dispatch' + uses: cristalhq/.github/.github/workflows/release.yml@454df049fccd7d81729b0c567b75662a2b77e97a # v0.1.3 + permissions: + contents: write + with: + tag: ${{ github.event.input.tag }}