diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 82a3e1d..1bea801 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,6 +4,19 @@
 # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 version: 2
 updates:
+ - package-ecosystem: "maven" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
+ # wait after a new release till we create a PR, to reduce risk of pulling
+ # a compromised new version
+ cooldown:
+ default-days: 7
+ # Exclude our own repos from cooldown
+ # https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#cooldown-
+ exclude:
+ - "org.jboss.da:*"
+ - "org.jboss.pnc:*"
 - package-ecosystem: "github-actions" # Also update Github actions
 directory: "/"
 schedule:
diff --git a/README.md b/README.md
index a1198c1..2c3833c 100644
--- a/README.md
+++ b/README.md
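Review bot: In `.github/dependabot.yml`, the comment above the new `cooldown:` block reads as if every update is held back for 7 days, but as far as GitHub documents it, cooldown delays only version-update PRs and does not apply to Dependabot security updates. I would say so in the comment, e.g. `# wait after a new release before opening a version-update PR (security updates are not delayed), to reduce risk of pulling a compromised new version`. The `exclude` patterns `org.jboss.da:*` and `org.jboss.pnc:*` mean releases under those groupIds are proposed immediately, so the protection there rests on the publishing credentials for those artifacts; a one-line comment stating that assumption would help anyone copying this file to another repository. The `github-actions` entry continues outside the hunk, so I cannot see whether it carries a cooldown of its own; if it does not and the ecosystem supports it, the same delay is worth considering there, since the stated risk applies to actions as well.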
@@ -1,4 +1,10 @@
-# shared-github-actions
-Repository to store workflows (and other stuff) that we'll re-use in other PNC repositories
+# Introduction
 
-A sample `release.yml` configuration file from the [GitHub documentation](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes) has been added to `.github/release.yml` - this can be copied to each relevant repository.
\ No newline at end of file
+This repository is used to store GitHub Action workflows (and other stuff) that we'll re-use in other PNC repositories
+### Dependabot
+
+A sample dependabot file in `.github/dependabot.yml` is available that is both used in this repository and may be copied to other ProjectNCL repositories.
+
+### GitHub Releases
+A sample `.github/release.yml` configuration file from the [GitHub documentation](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes) has been added that may be copied to other ProjectNCL repositories.