Files
TijdVoorDeTest/.github/dependabot.yml
T
Marijn 806cff8c0f ci: optimise build pipeline — shared dev image build and skip tests on tag push (#167)
* ci: split dev image build into a shared job

Extract the Docker build step into a dedicated `build` job so `quality`
and `tests` no longer each build the image independently. Both jobs now
load from the shared `devbuild` GHA cache scope and declare `needs: build`.

* ci: skip quality+tests on tag push, verify prior CI run instead

When tagging a commit that already passed CI on main, there is no need
to run quality and tests again. Both jobs now skip for tag refs.

A new `verify-prior-run` job runs instead: it queries the GitHub API for
a prior successful CI run on the same SHA (excluding the current run) and
fails fast if none is found, preventing deployment of untested tags.

`build-deploy` now uses `always() && !cancelled() && !failure()` so it
handles the mix of skipped (quality/tests) and successful (verify-prior-run)
needed jobs correctly.

* ci: bump GitHub Actions to Node.js 24 compatible versions

* ci: add Dependabot config for GitHub Actions version updates

* ci: pin all GitHub Actions to commit SHAs

* ci: disable credential persistence on all checkout steps
2026-07-03 12:18:29 +02:00

35 lines
1.1 KiB
YAML

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
- package-ecosystem: "composer" # See documentation for possible values
directory: "/" # Location of package manifests
allow:
# Allow both direct and indirect updates for all packages
- dependency-type: "all"
schedule:
interval: "daily"
ignore:
- dependency-name: "symfony/*"
update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
groups:
dev-dependencies:
dependency-type: "development"
symfony:
patterns:
- "symfony/*"
twig:
patterns:
- "twig/*"
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"