1
0
mirror of https://github.com/pi-hole/pi-hole synced 2024-12-22 06:48:07 +00:00

Add Dependabot and CodeQL support (#4286)

Signed-off-by: Jauder Ho <jauderho@users.noreply.github.com>

Co-authored-by: Adam Warner <me@adamwarner.co.uk>
This commit is contained in:
Jauder Ho 2021-10-05 17:22:46 +00:00 committed by GitHub
parent c5828df198
commit 5bf35dc687
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 57 additions and 0 deletions

17
.github/dependabot.yml vendored Normal file
View File

@ -0,0 +1,17 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: saturday
time: "10:00"
open-pull-requests-limit: 10
target-branch: development
versioning-strategy: increase

40
.github/workflows/codeql-analysis.yml vendored Normal file
View File

@ -0,0 +1,40 @@
name: "CodeQL"
on:
push:
branches:
- master
- development
pull_request:
branches:
- master
- development
schedule:
- cron: '32 11 * * 6'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
-
name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
-
name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: 'python'
-
name: Autobuild
uses: github/codeql-action/autobuild@v1
-
name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1