FI-2154 Enable dependabot for dependency management (#101)

inferno-framework · Sep 28, 2023 · dac1e92 · dac1e92
1 parent 0a3ee00
commit dac1e92
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/" # Location of package manifests (ie, pom.xml)
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/maven_ci.yml b/.github/workflows/maven_ci.yml
@@ -5,10 +5,13 @@ name: Java CI with Maven
 
 on:
   push:
-    branches: [ master ]
+    branches: [ main ]
   pull_request:
-    branches: [ master ]
+    branches: [ main ]
 
+permissions:
+  contents: write
+
 jobs:
   build:
 
@@ -26,6 +29,10 @@ jobs:
         path: ~/.m2
         key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ runner.os }}-m2
+    - name: Generate and Submit Maven Dependency Snapshot
+      uses: advanced-security/maven-dependency-submission-action@v3
+      if: github.ref == 'refs/heads/main'
+      # only run this step on on main branch, not PRs
     - name: Build/Test with Maven
       run: mvn --batch-mode --update-snapshots verify
     - name: Checkstyle