From 66e3bf3c847f57f47e6cb6db4976e0990fab473f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Jul 2025 13:33:48 +0000 Subject: [PATCH 1/3] ci(deps): bump the github-actions group with 3 updates Bumps the github-actions group with 3 updates: [codecov/codecov-action](https://github.com/codecov/codecov-action), [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `codecov/codecov-action` from 4 to 5 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4...v5) Updates `peter-evans/create-pull-request` from 5 to 7 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v5...v7) Updates `softprops/action-gh-release` from 1 to 2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/dependency-update.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index da8f504..728194c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -169,7 +169,7 @@ jobs: run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v5 with: file: lcov.info fail_ci_if_error: false diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 4a7a903..60666e1 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -48,7 +48,7 @@ jobs: - name: Create Pull Request if: env.HAS_UPDATES == 'true' - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v7 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "chore: update dependencies" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 74d83be..c6c0b0d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,7 +123,7 @@ jobs: copy target\${{ matrix.target }}\release\cg-bundler.exe ${{ matrix.name }} - name: Upload Release Asset - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: tag_name: ${{ github.ref_name }} files: ./${{ matrix.name }} From 836b82677e92608000e68239f65d2c0f8808248b Mon Sep 17 00:00:00 2001 From: MathieuSoysal Date: Mon, 28 Jul 2025 09:18:41 +0200 Subject: [PATCH 2/3] fix: rename SonarQube job to SonarCloud and update permissions --- .github/workflows/ci.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 728194c..7744a0f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -180,12 +180,14 @@ jobs: name: coverage-report path: lcov.info - sonarqube: - name: SonarQube + sonarcloud: + name: SonarCloud runs-on: ubuntu-latest needs: [test, code-coverage] permissions: contents: read + pull-requests: write + checks: write steps: - uses: actions/checkout@v4 with: @@ -204,4 +206,4 @@ jobs: - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 8b33643582885f9d7a33b148d640598b8195d033 Mon Sep 17 00:00:00 2001 From: MathieuSoysal Date: Mon, 28 Jul 2025 09:55:35 +0200 Subject: [PATCH 3/3] chore: add CODEOWNERS file and remove reviewers from Dependabot configuration --- .github/CODEOWNERS | 29 +++++++++++++++++++++++++++++ .github/dependabot.yml | 4 ---- 2 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..01f6c85 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,29 @@ +# Code owners for CG-Bundler repository +# This file defines who should be automatically requested for review +# when changes are made to specific files or directories. +# +# More information: https://docs.github.com/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +# Global code owner - applies to all files unless overridden +* @MathieuSoysal + +# Rust source code +/src/ @MathieuSoysal +/Cargo.toml @MathieuSoysal +/Cargo.lock @MathieuSoysal + +# Configuration files +/.github/ @MathieuSoysal +/deny.toml @MathieuSoysal +/sonar-project.properties @MathieuSoysal + +# Documentation +/README.md @MathieuSoysal +/CHANGELOG.md @MathieuSoysal +/CONTRIBUTING.md @MathieuSoysal + +# Examples +/examples/ @MathieuSoysal + +# Tests +/tests/ @MathieuSoysal diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b55d284..82f1896 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -13,8 +13,6 @@ updates: time: "09:00" timezone: "UTC" open-pull-requests-limit: 10 - reviewers: - - "MathieuSoysal" assignees: - "MathieuSoysal" labels: @@ -47,8 +45,6 @@ updates: time: "09:00" timezone: "UTC" open-pull-requests-limit: 5 - reviewers: - - "MathieuSoysal" assignees: - "MathieuSoysal" labels: