diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c5efd6a..fac21a7 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,14 +16,30 @@ updates: commit-message: prefix: "chore(deps)" include: "scope" - allow: - - dependency-type: "all" + groups: + minor-and-patch: + dependency-type: "production" + update-types: + - "minor" + - "patch" + development-updates: + dependency-type: "development" + update-types: + - "minor" + - "patch" ignore: - # Ignore pre-release versions - - dependency-name: "*" + # Dev-only deps: block majors, keep production deps fully updated. + # `ignore` does not support `dependency-type`, so dev deps are named explicitly. + - dependency-name: "isort" + update-types: ["version-update:semver-major"] + - dependency-name: "pytest" + update-types: ["version-update:semver-major"] + - dependency-name: "mypy" + update-types: ["version-update:semver-major"] + - dependency-name: "pyinstaller" update-types: ["version-update:semver-major"] - # GitHub Actions + # GitHub Actions — no major version ignore (CI/CD security-critical) - package-ecosystem: "github-actions" directory: "/" target-branch: "develop" @@ -38,3 +54,8 @@ updates: commit-message: prefix: "ci(deps)" include: "scope" + groups: + minor-and-patch: + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/project-automation.yml b/.github/workflows/project-automation.yml index 9d0949e..0534276 100644 --- a/.github/workflows/project-automation.yml +++ b/.github/workflows/project-automation.yml @@ -104,6 +104,15 @@ jobs: echo " Failed to add to Project" echo " Details: $(echo "$RESPONSE" | jq '.errors')" fi + + # Richiedi reviewer + echo " - Requesting reviewer..." + curl -s -X POST \ + -H "Authorization: token $TOKEN" \ + -H "Accept: application/vnd.github+json" \ + -d "{\"reviewers\":[\"${{ env.ASSIGNEE }}\"]}" \ + "https://api.github.com/repos/$REPO/pulls/$PR_NUM/requested_reviewers" > /dev/null + echo " Reviewer requested" fi # Se PR è stato chiuso