diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 6c73c48d8d7..739cbc2728f 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -44,48 +44,17 @@ registries: updates: - package-ecosystem: maven - directories: - - "/log4j-1.2-api" - - "/log4j-api-test" - - "/log4j-api" - - "/log4j-appserver" - - "/log4j-cassandra" - - "/log4j-core-fuzz-test" - - "/log4j-core-its" - - "/log4j-core-test" - - "/log4j-core" - - "/log4j-couchdb" - - "/log4j-docker" - - "/log4j-fuzz-test" - - "/log4j-iostreams" - - "/log4j-jakarta-jms" - - "/log4j-jakarta-smtp" - - "/log4j-jakarta-web" - - "/log4j-jcl" - - "/log4j-jdbc-dbcp2" - - "/log4j-jpa" - - "/log4j-jpl" - - "/log4j-jul" - - "/log4j-layout-template-json-fuzz-test" - - "/log4j-layout-template-json-test" - - "/log4j-layout-template-json" - - "/log4j-mongodb" - # `log4j-mongodb4` is in a separate run - - "/log4j-osgi-test" - - "/log4j-parent" - - "/log4j-perf-test" - # `log4j-slf4j-impl` is in a separate run - - "/log4j-slf4j2-impl-fuzz-test" - - "/log4j-slf4j2-impl" - - "/log4j-spring-boot" - - "/log4j-spring-cloud-config-client" - - "/log4j-taglib" - - "/log4j-to-jul" - - "/log4j-to-slf4j" - - "/log4j-web" - open-pull-requests-limit: 10 + directory: "/" + exclude-paths: + # These use versions of MongoDB and SLF4J different + # from the remaining artifacts + - "/log4j-mongodb4" + - "/log4j-slf4j-impl" schedule: - interval: "daily" + interval: "monthly" + groups: + dependencies: + patterns: [ "*" ] target-branch: "2.x" registries: - maven-central @@ -166,9 +135,11 @@ updates: - package-ecosystem: maven directories: - "/log4j-mongodb4" - open-pull-requests-limit: 10 schedule: - interval: "daily" + interval: "monthly" + groups: + dependencies: + patterns: [ "*" ] target-branch: "2.x" registries: - maven-central @@ -180,20 +151,19 @@ updates: - package-ecosystem: github-actions directory: "/" schedule: - interval: "daily" - target-branch: "2.x" - - - package-ecosystem: npm - directory: "/" - schedule: - interval: "daily" + interval: "monthly" + groups: + dependencies: + patterns: [ "*" ] target-branch: "2.x" - package-ecosystem: maven directory: "/" - open-pull-requests-limit: 10 schedule: - interval: "daily" + interval: "monthly" + groups: + dependencies: + patterns: [ "*" ] target-branch: "main" registries: - maven-central @@ -222,9 +192,11 @@ updates: - package-ecosystem: maven directories: - "/log4j-slf4j-impl" - open-pull-requests-limit: 10 schedule: - interval: "daily" + interval: "monthly" + groups: + dependencies: + patterns: [ "*" ] target-branch: "main" registries: - maven-central @@ -236,11 +208,17 @@ updates: - package-ecosystem: github-actions directory: "/" schedule: - interval: "daily" + interval: "monthly" + groups: + dependencies: + patterns: [ "*" ] target-branch: "main" - package-ecosystem: npm directory: "/" schedule: - interval: "daily" + interval: "monthly" + groups: + dependencies: + patterns: [ "*" ] target-branch: "main" diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e76d34669d8..42d44a60ce8 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -29,7 +29,6 @@ permissions: read-all jobs: build: - if: github.actor != 'dependabot[bot]' uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.1 secrets: DV_ACCESS_TOKEN: ${{ startsWith(github.ref_name, 'release/') && '' || secrets.DEVELOCITY_ACCESS_KEY }} diff --git a/.github/workflows/merge-dependabot.yaml b/.github/workflows/merge-dependabot.yaml deleted file mode 100644 index 134d18b1a0e..00000000000 --- a/.github/workflows/merge-dependabot.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to you under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -name: merge-dependabot - -on: - pull_request_target: - paths-ignore: - - "**.adoc" - - "**.md" - - "**.txt" - -permissions: read-all - -jobs: - - build: - if: github.repository == 'apache/logging-log4j2' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]' - uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.1 - secrets: - DV_ACCESS_TOKEN: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - with: - java-version: | - 8 - 17 - develocity-enabled: true - reproducibility-check-enabled: false - - merge-dependabot: - needs: build - uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/12.1.1 - with: - java-version: 17 - permissions: - contents: write # to push changelog commits - pull-requests: write # to close the PR - secrets: - GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }} # to sign commits