Merge pull request #35 from blockworks-foundation/feat/depbot

add dependabot
2022-04-11 09:30:00 +01:00 · 2022-04-11 09:30:00 +01:00 · 535429bf3f
parent 57d9de86c8 0f9b123fc7
commit 535429bf3f
3 changed files with 33 additions and 27 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,27 @@
+version: 2
+updates:
+  - package-ecosystem: 'cargo'
+    directory: 'programs/mango-v4'
+    schedule:
+      interval: 'daily'
+    allow:
+      - dependency-type: 'direct'
+    commit-message:
+      prefix: 'v4'
+    open-pull-requests-limit: 5
+    labels:
+      - 'cargo'
+      - 'dependency'
+      
+  - package-ecosystem: 'cargo'
+    directory: 'programs/margin-trade'
+    schedule:
+      interval: 'daily'
+    allow:
+      - dependency-type: 'direct'
+    commit-message:
+      prefix: 'margin'
+    open-pull-requests-limit: 5
+    labels:
+      - 'cargo'
+      - 'dependency'
--- a/.github/workflows/ci-cargo-audit.yml
+++ b/.github/workflows/ci-cargo-audit.yml
@ -1,45 +1,23 @@
-# CI job for scanning Cargo dependencies for vulnerabilities and report/fail job based on criticality.
-# Critically vulnerable dependencies with fix available will mark the run as failed (X)
-name: Rust Cargo Audit
+name: Cargo Audit

 on:
  push:
    branches: master
  pull_request:

-  # Allowing manual runs with ability to choose branch
-  workflow_dispatch:
-
-  # Optimisation option by targeting direct paths to only scan when there are changes to dependencies in the push/PR
-  #  push:
-  #    paths:
-  #      - 'Cargo.toml'
-  #      - 'Cargo.lock'
-  #  pull_request:
-  #    paths:
-  #      - 'Cargo.toml'
-  #      - 'Cargo.lock'
-
-  # Example of running scheduled scans at 6AM UTC every Monday to regularly check for vulnerable dependencies
-  #  schedule:
-  #  - cron: '0 6 * * 1'
-
-# Run the job
 jobs:
-  Cargo-audit:
-    name: Cargo Vulnerability Scanner
+  cargo-audit:
+    name: Cargo Audit
    runs-on: ubuntu-latest
    steps:
-      # Check out GitHub repo
      - uses: actions/checkout@v2
-      
-      # Install cargo audit
+
      - name: Install Cargo Audit
        uses: actions-rs/install@v0.1
        with:
          crate: cargo-audit
          version: latest

-      # Run cargo audit using args from .cargo/audit.toml (ignores, etc.)
+      # Run cargo audit using args from .cargo/audit.toml
      - name: Run Cargo Audit
        run: cargo audit -c always
--- a/.github/workflows/ci-soteria.yml
+++ b/.github/workflows/ci-soteria.yml
@ -13,6 +13,7 @@ jobs:
  build:
    name: Soteria
    runs-on: ubuntu-latest
+    if: (github.actor != 'dependabot[bot]')
    steps:
      - name: Check-out repo
        uses: actions/checkout@v2