workflows: improvements #119

Merged
bjornars merged 4 commits into novem-code:main from bjornars:bsn/workflows
Dec 12, 2025

@bjornars
Contributor

  • security: add explicit permissions to GitHub Actions workflows
  • workflows: wrap discord URLs in <> to calm down discord
  • ci: add Dependabot configuration for automated dependency updates
  • ci: restrict Discord notifications to novem-code org only

- Add read-only permissions to all workflows per CodeQL recommendations
  - discord_pr.yml: pull-requests: read
  - discord_push.yml: contents: read
  - nix-build.yml: contents: read
  - ci.yaml: contents: read
  - python-publish.yml: already had correct permissions
- Document pull_request_target safety in discord_pr.yml

Configures Dependabot to automatically create PRs for:
- GitHub Actions updates (weekly)
- Python package updates (weekly)

This helps keep dependencies secure and up-to-date.

Adds repository_owner check to prevent Discord notifications from
running in forks, which would fail due to missing secrets and clutter
the workflow runs.

@bjornars bjornars merged commit 7796200 into novem-code:main Dec 12, 2025
5 checks passed
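
An added illustration, not the repository's actual file: a minimal notification workflow that combines the changes named in the commit messages above (explicit read-only `permissions`, the `repository_owner` guard, and `<>` around the Discord URL). The file contents, trigger types, step layout, the secret name `DISCORD_WEBHOOK`, and the assumption that the job never checks out pull request code are all hypothetical.

```yaml
# Hypothetical sketch of .github/workflows/discord_pr.yml (not the project's own file)
name: Discord PR notification

on:
  # pull_request_target runs in the base repository's context, so repository
  # secrets are available even for pull requests opened from forks.
  pull_request_target:
    types: [opened]          # assumed trigger type

# Explicit token scope: once any permission is listed, every scope not
# listed is set to "none" for the GITHUB_TOKEN in this workflow.
permissions:
  pull-requests: read

jobs:
  notify:
    # Only run in the upstream organization. A copy of this workflow running
    # in a fork has no webhook secret and would just produce failed runs.
    if: github.repository_owner == 'novem-code'
    runs-on: ubuntu-latest
    steps:
      # Deliberately no actions/checkout step: the job never fetches or runs
      # code from the pull request, so the secret is not exposed to it
      # (assumed to be the property the workflow's safety comment documents).
      - name: Post to Discord
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}   # assumed secret name
          # Untrusted PR fields go through env vars, never inline ${{ }} in the script.
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          # jq performs the JSON escaping of the contributor-controlled title.
          # <...> around the URL stops Discord from expanding it into an embed.
          jq -n --arg c "PR opened: ${PR_TITLE} <${PR_URL}>" '{content: $c}' |
            curl -sS --fail -H 'Content-Type: application/json' -d @- "$DISCORD_WEBHOOK"
```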