diff --git a/.gitattributes b/.gitattributes index 18677abbc..3f737b4f1 100644 --- a/.gitattributes +++ b/.gitattributes @@ -3,8 +3,8 @@ /.copywrite.hcl linguist-generated /.gitattributes linguist-generated /.github/CODEOWNERS linguist-generated +/.github/dependabot.yml linguist-generated /.github/ISSUE_TEMPLATE/config.yml linguist-generated -/.github/pull_request_template.md linguist-generated /.github/workflows/alert-open-prs.yml linguist-generated /.github/workflows/auto-approve.yml linguist-generated /.github/workflows/auto-close-community-issues.yml linguist-generated diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..549f421d8 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,20 @@ +# NOTE: Dependabot configuration is not managed by Projen because if you enable Dependabot through Projen, +# it will delete the upgrade-main job and expect you to only use Dependabot for updates. +# That is not what we want either; we just want to use Dependabot for security updates. + +version: 2 +updates: + - package-ecosystem: npm + versioning-strategy: lockfile-only + directory: / + schedule: + interval: daily + ignore: + - dependency-name: projen + labels: + - auto-approve + - automerge + - dependencies + - security + # Disable version updates for npm dependencies, only use Dependabot for security updates + open-pull-requests-limit: 0 diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index 11d479bca..000000000 --- a/.github/pull_request_template.md +++ /dev/null @@ -1 +0,0 @@ -Fixes # \ No newline at end of file diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index cfbb5bd1f..296538654 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e with: days-before-stale: -1 days-before-close: -1 diff --git a/.gitignore b/.gitignore index 6d3f63e91..148ee3440 100644 --- a/.gitignore +++ b/.gitignore @@ -36,7 +36,6 @@ jspm_packages/ /dist/version.txt !/.github/workflows/release.yml !/.github/workflows/upgrade-main.yml -!/.github/pull_request_template.md !/test/ !/tsconfig.dev.json !/src/ @@ -60,6 +59,7 @@ package-lock.json !/.github/workflows/provider-upgrade.yml !/.github/workflows/alert-open-prs.yml !/.github/workflows/force-release.yml +!/.github/dependabot.yml !/.github/CODEOWNERS !/scripts/should-release.js API.md diff --git a/.projen/files.json b/.projen/files.json index f54cf9774..91c4de4fe 100644 --- a/.projen/files.json +++ b/.projen/files.json @@ -3,8 +3,8 @@ ".copywrite.hcl", ".gitattributes", ".github/CODEOWNERS", + ".github/dependabot.yml", ".github/ISSUE_TEMPLATE/config.yml", - ".github/pull_request_template.md", ".github/workflows/alert-open-prs.yml", ".github/workflows/auto-approve.yml", ".github/workflows/auto-close-community-issues.yml", diff --git a/package.json b/package.json index 50461adde..41ae4dc41 100644 --- a/package.json +++ b/package.json @@ -56,7 +56,7 @@ "jsii-docgen": "^10.2.3", "jsii-pacmak": "^1.93.0", "jsii-rosetta": "~5.2.0", - "projen": "^0.78.0", + "projen": "^0.78.1", "semver": "^7.5.3", "standard-version": "^9", "typescript": "~5.2.0" diff --git a/yarn.lock b/yarn.lock index 536de5841..68c03a996 100644 --- a/yarn.lock +++ b/yarn.lock @@ -201,9 +201,9 @@ jsii-srcmak "^0.1.954" "@cdktf/provider-project@^0.5.0": - version "0.5.3" - resolved "https://registry.yarnpkg.com/@cdktf/provider-project/-/provider-project-0.5.3.tgz#09cf130a611791b6a0984409107afd5b5527a91c" - integrity sha512-6UyY84u6A+f0Xsel0kabsqQN4srBIwa4/BFHuZqmSW4DqVbYobd+9wj3EF/Fd0HGnR9elOvZw86WP9zOCIovHA== + version "0.5.4" + resolved "https://registry.yarnpkg.com/@cdktf/provider-project/-/provider-project-0.5.4.tgz#75da846bfb1be19ff283a96eb16b918e0b01ab27" + integrity sha512-h4MJDZhi3el6ngjjjbtxXcDp+IgIwwJXGX/seWuUYDJwBWncmuNbDWeeD+KXCUYft9jxj1I90YArxhm2jSpqaQ== dependencies: change-case "^4.1.2" fs-extra "^10.1.0" @@ -3309,10 +3309,10 @@ process-nextick-args@~2.0.0: resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2" integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag== -projen@^0.78.0: - version "0.78.0" - resolved "https://registry.yarnpkg.com/projen/-/projen-0.78.0.tgz#3148000da5a2322666013e689227407a26131ba4" - integrity sha512-cLergWOFUGLm+BZy2d0q0MTgyLMw6Htub7XfAgWI7+lsC+anpypeOGvdca3+TcgKZAMZrmPdNjfWNM+5ag6Mew== +projen@^0.78.1: + version "0.78.1" + resolved "https://registry.yarnpkg.com/projen/-/projen-0.78.1.tgz#a947d4d063d41e8404032fa4c4b4895e164f89be" + integrity sha512-MrvXISCDCiN3WjqrU33RV0ZwfguQTK+E/t5ivhaCmCuXuXHVnSMtwah9uMbCteQm/vJIzDzSV1Ruf7UzeU54Mw== dependencies: "@iarna/toml" "^2.2.5" case "^1.6.3"