From 08561ed736b7ddbdc4388f9fd42bbb16d6bb026c Mon Sep 17 00:00:00 2001 From: Ed Baker Date: Tue, 5 Sep 2023 08:55:05 -0700 Subject: [PATCH 1/2] dependabot: Enable version updates for PIP and GitHub Actions Introduce a dependabot.yml to configure version updates for Python packages and GitHub Actions. At the moment Python scripts aren't using additional packages via requirements.txt. Enabling PIP scans is for upcoming tools / checks. Dependabot open pull requests are limited to 1. Automated PRs opened for this repository should be low volume. Dependabot configurations are intentionally stored in .github/ instead of .github/workflows per GitHub Documentation. "You must store this file in the .github directory of your repository." [1] [1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file --- .github/dependabot.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..9a9e6427 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +# Dependabot version updates for packages used by perfmon tooling. + +version: 2 +updates: + # Enable version updates for Python packages. + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 1 + + # Enable version updates from GitHub Actions. + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 1 From bd9cd3a3f7dc993a1069d7760e8c7c4cb160bf24 Mon Sep 17 00:00:00 2001 From: Ed Baker Date: Tue, 5 Sep 2023 09:30:48 -0700 Subject: [PATCH 2/2] ci: Limit link checks to intel/perfmon Automatically checking links is intended to be a low volume reminder to update stale links. It isn't necessary for every fork (examples in [1] and [2]) to also act as a reminder. This commit checks if the repository is 'intel/perfmon' and further removes push and pull_request triggers. [1] https://github.com/edwarddavidbaker/perfmon/actions/workflows/check-markdown-links.yml?query=event%3Aschedule [2] https://github.com/captain5050/perfmon/actions/workflows/check-markdown-links.yml?query=event%3Aschedule --- .github/workflows/check-markdown-links.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check-markdown-links.yml b/.github/workflows/check-markdown-links.yml index 9c6fc1de..86fff396 100644 --- a/.github/workflows/check-markdown-links.yml +++ b/.github/workflows/check-markdown-links.yml @@ -1,12 +1,6 @@ name: Check Markdown links on: - pull_request: - branches: - - main - push: - branches: - - main schedule: # Tuesdays at 9AM PST. GitHub Actions run in UTC. - cron: '0 16 * * 2' @@ -14,6 +8,9 @@ on: jobs: markdown-link-check: runs-on: ubuntu-latest + # Only run link checks in the main repo and not forks. The intent + # is a low volume reminder to update stale links. + if: github.repository == 'intel/perfmon' steps: - uses: actions/checkout@v3 - uses: gaurav-nelson/github-action-markdown-link-check@v1