Skip to content

ci: enable dependabot and codeql#8

Merged
ben-miru merged 4 commits intomainfrom
dependabot
Mar 24, 2026
Merged

ci: enable dependabot and codeql#8
ben-miru merged 4 commits intomainfrom
dependabot

Conversation

@ben-miru
Copy link
Copy Markdown
Contributor

@ben-miru ben-miru commented Mar 24, 2026

Summary

  • Add Dependabot config for github-actions (grouped minor+patch) and npm (separate dev/prod groups) ecosystems with weekly schedule
  • Add CodeQL analysis workflow for JavaScript, running on PRs, pushes to main, and weekly schedule
  • Add CodeQL config to exclude node_modules and dist from analysis

🤖 Generated with Claude Code

@ben-miru @claude
ci: enable dependabot and codeql
ec309f7 
Dependabot: weekly updates for github-actions (grouped minor+patch)
and npm (separate dev and prod groups).

CodeQL: JavaScript analysis on PRs, pushes to main, and weekly schedule.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mintlify
Copy link
Copy Markdown
Contributor

mintlify bot commented Mar 24, 2026
edited
Loading

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
miru 🟢 Ready View Preview Mar 24, 2026, 2:31 AM

@ben-miru @claude
ci: pin all actions to full-length commit SHAs
56e7a78 
Required by org policy — all actions must be pinned to full-length
commit SHAs, not version tags.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ben-miru @claude
fix(ci): remove invalid source-root from codeql workflow
6028dbc 
The docs repo has no src/ directory — source-root was incorrectly
copied from the setup-cli template. Defaults to repo root.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security bot commented Mar 24, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@ben-miru @claude
ci: replace pnpm/action-setup with corepack
1037477 
pnpm/action-setup is not in the org's allowed actions list. Use
corepack enable instead — it reads the packageManager field from
package.json to set up the correct pnpm version.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ben-miru ben-miru merged commit dc2c673 into main Mar 24, 2026
7 checks passed
@ben-miru ben-miru deleted the dependabot branch March 24, 2026 02:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ben-miru