ci: add dependabot validation

ReenigneArcher · ReenigneArcher · commit 487974b8ae2f · 2026-03-27T21:42:13.000-04:00
diff --git a/.github/workflows/__renovate-config-validator.yml b/.github/workflows/__renovate-config-validator.yml
@@ -34,9 +34,15 @@ jobs:
           # shellcheck disable=SC2086  # do not quote to keep this as a single line
           echo found=${files} >> "${GITHUB_OUTPUT}"
 
+      - name: Setup Node
+        if: steps.find-files.outputs.found != ''
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f  # v6.3.0
+        with:
+          node-version: latest
+
       - name: Install npm dependencies
         if: steps.find-files.outputs.found != ''
-        run: npm install --ignore-scripts --global renovate
+        run: npm install --ignore-scripts
 
       - name: renovate config validator
         if: steps.find-files.outputs.found != ''
@@ -47,7 +53,7 @@ jobs:
 
           for FILE in ${{ steps.find-files.outputs.found }}; do
             file_status=0
-            renovate-config-validator --strict ${FILE} || file_status=$?
+            npm run validate-renovate -- ${FILE} || file_status=$?
 
             # set github step summary
             if [ $file_status -ne 0 ]; then
diff --git a/.github/workflows/__validate-dependabot.yml b/.github/workflows/__validate-dependabot.yml
@@ -0,0 +1,36 @@
+---
+# This workflow is centrally managed in https://github.com/<organization>/.github/
+# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
+# the above-mentioned repo.
+
+# Validate Dependabot config files.
+
+name: validate dependabot config
+permissions: {}
+
+on:
+  pull_request:
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  validate-dependabot:
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+
+      - name: Setup Node
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f  # v6.3.0
+        with:
+          node-version: latest
+
+      - name: Install dependencies
+        run: npm install --ignore-scripts
+
+      - name: Validate dependabot config
+        run: npm run validate-dependabot
diff --git a/.gitignore b/.gitignore
@@ -158,3 +158,7 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
+
+# Node
+node_modules/
+package-lock.json
diff --git a/package.json b/package.json
@@ -0,0 +1,13 @@
+{
+  "name": "lizardbyte-github",
+  "version": "0.0.0",
+  "description": "LizardByte .github repository",
+  "scripts": {
+    "validate-dependabot": "validate-dependabot-yaml",
+    "validate-renovate": "renovate-config-validator --strict"
+  },
+  "devDependencies": {
+    "@bugron/validate-dependabot-yaml": "0.3.3",
+    "renovate": "43.96.0"
+  }
+}
