diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..b5e49600 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,46 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + open-pull-requests-limit: 5 + labels: + - "dependencies" + - "python" + groups: + python-minor-patch: + update-types: + - "minor" + - "patch" + + - package-ecosystem: "cargo" + directory: "/rust" + schedule: + interval: "weekly" + day: "monday" + open-pull-requests-limit: 5 + labels: + - "dependencies" + - "rust" + groups: + rust-minor-patch: + update-types: + - "minor" + - "patch" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + open-pull-requests-limit: 5 + labels: + - "dependencies" + - "github-actions" + groups: + actions-minor-patch: + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/ci-gate.yml b/.github/workflows/ci-gate.yml index bc794e10..3e28c6cc 100644 --- a/.github/workflows/ci-gate.yml +++ b/.github/workflows/ci-gate.yml @@ -5,6 +5,8 @@ on: branches: [main] types: [opened, synchronize, reopened, labeled, unlabeled] +permissions: {} + jobs: ci-gate: name: CI Gate diff --git a/.github/workflows/notebooks.yml b/.github/workflows/notebooks.yml index 95a38399..7c627af5 100644 --- a/.github/workflows/notebooks.yml +++ b/.github/workflows/notebooks.yml @@ -20,6 +20,9 @@ on: # Weekly Sunday 6am UTC — smoke test that notebooks still execute cleanly - cron: '0 6 * * 0' +permissions: + contents: read + jobs: execute-notebooks: name: Execute tutorial notebooks diff --git a/.github/workflows/rust-test.yml b/.github/workflows/rust-test.yml index a08d11d0..befd545a 100644 --- a/.github/workflows/rust-test.yml +++ b/.github/workflows/rust-test.yml @@ -19,6 +19,9 @@ on: - 'pyproject.toml' - '.github/workflows/rust-test.yml' +permissions: + contents: read + env: CARGO_TERM_COLOR: always