54 Commits

Author SHA1 Message Date
Eric Sorenson f51df6d455 Updates from code review 2026-03-05 20:39:09 -08:00
Eric Sorenson cffae74507 Add .github/copilot-instructions.md for Copilot coding agent
Add instructions file to help Copilot coding agent work efficiently with
this repository. Includes build/validation commands, project layout,
CI checks, style rules, testing patterns, and important notes about
the codebase conventions.
2026-03-05 18:46:42 -08:00
Eric Sorenson 4038a34c4b Merge pull request #1021 from actions/dependabot/github_actions/actions/checkout-6
Bump actions/checkout from 4 to 6
2026-03-02 16:00:21 -08:00
dependabot[bot] 17d14c08d9 Bump actions/stale from 10.1.0 to 10.2.0
Bumps [actions/stale](https://github.com/actions/stale) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v10.1.0...v10.2.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-23 01:42:33 +00:00
dependabot[bot] 1d60e0d095 Bump actions/checkout from 4 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-27 18:20:43 +00:00
Barry Gordon 35ccfd2548 Merge pull request #1005 from actions/dependabot/github_actions/actions/setup-node-6
Bump actions/setup-node from 4 to 6
2025-11-27 18:19:46 +00:00
Barry Gordon a2014a181b Merge pull request #1003 from actions/dependabot/github_actions/github/codeql-action-4
Bump github/codeql-action from 3 to 4
2025-11-27 18:19:21 +00:00
Barry Gordon 1a0268586f Merge pull request #995 from actions/dependabot/github_actions/actions/stale-10.1.0
Bump actions/stale from 9.1.0 to 10.1.0
2025-11-27 18:18:38 +00:00
dependabot[bot] 805c0b2856 Bump actions/setup-node from 4 to 6
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-11 00:20:49 +00:00
Kevin Dangoor 289863a7c4 GitHub Actions can't push to our protected main
Our main branch is protected, which means that our Actions workflow
cannot push changes directly to main. This removes the non-functional
workflow.
2025-11-10 17:46:39 -05:00
Kevin Dangoor 9b42b7e9a9 Remove bad token reference 2025-11-05 20:29:51 -05:00
Kevin Dangoor 94004c3444 Remove dist directory change blocking
We don't really need to prevent changes to the dist directory
being committed. If someone does push a change to the dist directory,
they'd be able to test with that. Plus the files will be regenerated
on main, so that we know the final dist files are correct.

This also fixes up some paths in the ci-update-dist.yml workflow
which generates the dist files on main.
2025-11-05 18:04:42 -05:00
Kevin Dangoor 75e65b4d81 Generate dist files on main branch
This adapts an approach taken by the Gradle actions in order to
generate the dist files on the main branch rather than having
every contributor need to generate them. (In fact, people will no
longer be able to submit PRs with the dist files updated). This
change is important because the current approach means that
people encounter merge conflicts all the time and will need to
keep regenerating the dist files in order to land their change.
2025-11-05 17:30:02 -05:00
dependabot[bot] 0f943b29ae Bump github/codeql-action from 3 to 4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-13 01:01:57 +00:00
dependabot[bot] 2440f520c8 Bump actions/stale from 9.1.0 to 10.1.0
Bumps [actions/stale](https://github.com/actions/stale) from 9.1.0 to 10.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9.1.0...v10.1.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-06 01:01:54 +00:00
Lewis Jones 85c8e53ab7 Scan ruby 2025-08-28 16:12:23 +01:00
Ashely Tenesaca ab524903e8 remove ruby 2025-08-19 17:11:41 -04:00
Ashely Tenesaca ef00a0afbb add permissions to workflows 2025-08-19 20:55:24 +00:00
Kylie Stradley 8296deda21 Add Missing Languages to CodeQL Advanced Configuration 2025-07-10 09:22:28 -04:00
Barry Gordon d2e453a37e Handle any SPDX dependencies as a priority PR 2025-04-01 13:52:16 +01:00
fabasoad 7f3cd87ec0 Fix usage of this action in dependency-review.yml 2025-01-25 23:11:35 +09:00
dependabot[bot] 9cd1f01f7f Bump actions/stale from 9.0.0 to 9.1.0
Bumps [actions/stale](https://github.com/actions/stale) from 9.0.0 to 9.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9.0.0...v9.1.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-24 19:52:48 +00:00
Ahmed ElMallah c9bb42fdbf grouping minor and patch updates to lessen the number of PRs 2025-01-23 23:01:53 +00:00
Jon Janego 14b94f8fbc Update stale.yaml
adding closure messages
2024-09-26 11:47:03 -05:00
Jon Janego affc3a4f15 Create pull_request_template.md 2024-07-12 16:07:23 -05:00
Jon Janego 89204de987 Create config.yml 2024-06-03 16:48:33 -05:00
Jon Janego 6d4e634e06 Create issue templates
issue templates for bugs and feature requests
2024-06-03 16:43:33 -05:00
Jon Janego 3b70c9966e Update stale.yaml
fixing some comments, adding a keep label for issues, explicitly defining labeling behavior for issues
2024-03-14 14:43:08 -05:00
Jon Janego a1be843151 Update stale.yaml
Adding stale checks to issues
2024-02-20 10:25:09 -06:00
Justin Holguín 0812876f7c Update codeql.yml 2024-01-31 13:44:54 -08:00
Justin Holguín 4f37a60d4f Create codeql.yml 2024-01-31 13:36:31 -08:00
Jon Janego 56991330a3 Update stale.yaml
assigning explicit permissions
2024-01-26 09:15:48 -06:00
Jon Janego a824acd5d7 Create stale.yaml 2024-01-25 13:49:10 -06:00
Federico Builes dbf82a4a5e Merge pull request #639 from takost/takost/update-to-node-20
Update action to node20
2024-01-18 13:52:05 +01:00
dependabot[bot] 5ccb7d478c Bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 01:54:59 +00:00
Tatyana Kostromskaya 1c9a424cbc . 2023-12-14 15:06:21 +00:00
dependabot[bot] 7314a0c1f5 Bump actions/setup-node from 3 to 4
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:40:15 +00:00
dependabot[bot] 7095391667 Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 01:14:30 +00:00
Jongwoo Han 86e4c38e88 Use cache in check-dist.yml
Signed-off-by: jongwooo <jongwooo.han@gmail.com>
2022-12-20 03:17:46 +09:00
Federico Builes 9ad1f84ed2 Dependabot Updates should only happen once a week. 2022-11-24 10:57:01 +01:00
cnagadya 43c5083e6c Node 18 2022-10-28 10:13:58 +00:00
cnagadya 228a6404a2 Remove untracked dev-config.yml 2022-10-14 13:07:46 +00:00
cnagadya 71dbf10e60 Add configuration instruction to docs 2022-10-14 12:31:17 +00:00
Federico Builes bf0cb7fac4 Add a default config file. 2022-09-19 17:28:20 +02:00
Federico Builes 82d4814150 Merge pull request #142 from kachick/fix-lint-errors-and-add-ci
Add CI workflow and fix lint errors
2022-07-06 11:00:13 +02:00
Kenichi Kamiya 51d1824002 Focus only on the node issue
https://github.com/actions/dependency-review-action/pull/141#discussion_r914526073

https://github.com/actions/dependency-review-action/pull/141#discussion_r914537222

Co-authored-by: Federico Builes <febuiles@github.com>
2022-07-06 17:13:18 +09:00
Kenichi Kamiya 40346e9340 Run test and linter in CI 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 7f576504ed Stop dependabot PRs for different major version of types
It is possible to make a mismatch with actual logic.
2022-07-04 11:25:57 +09:00
Federico Builes e56fe29417 Remove old config file. 2022-06-14 07:38:45 +02:00
Federico Builes ae2949c9c1 Removing old file. 2022-06-01 13:40:09 +02:00