Skip to content

Commit fb5f840

Browse files
Refresh GPD skills and agent definitions (#8)
* Refresh GPD skills and agent definitions
1 parent 7a2fafb commit fb5f840

6 files changed

Lines changed: 484 additions & 16 deletions

File tree

.github/CODEOWNERS

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,3 @@
1-
* @MichaelsEngineering
2-
.github/** @MichaelsEngineering
31
plans/** @MichaelsEngineering
42
scripts/agent-orchestrator/** @MichaelsEngineering
53
src/** @MichaelsEngineering

.github/dependabot.yml

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -8,13 +8,6 @@ updates:
88
time: "03:00"
99
timezone: "UTC"
1010
open-pull-requests-limit: 5
11-
labels:
12-
- "dependencies"
13-
- "security"
14-
assignees:
15-
- "MichaelsEngineering"
16-
reviewers:
17-
- "MichaelsEngineering"
1811
groups:
1912
python-security:
2013
applies-to: security-updates
@@ -33,13 +26,6 @@ updates:
3326
time: "03:15"
3427
timezone: "UTC"
3528
open-pull-requests-limit: 5
36-
labels:
37-
- "dependencies"
38-
- "security"
39-
assignees:
40-
- "MichaelsEngineering"
41-
reviewers:
42-
- "MichaelsEngineering"
4329
groups:
4430
actions-security:
4531
applies-to: security-updates
Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
name: dependabot-auto-merge
2+
3+
on:
4+
pull_request_target:
5+
types:
6+
- opened
7+
- reopened
8+
- synchronize
9+
- ready_for_review
10+
11+
permissions:
12+
contents: write
13+
pull-requests: write
14+
15+
jobs:
16+
dependabot:
17+
name: dependabot
18+
if: github.event.pull_request.user.login == 'dependabot[bot]' && !github.event.pull_request.draft
19+
runs-on: ubuntu-latest
20+
steps:
21+
- name: Fetch Dependabot metadata
22+
id: metadata
23+
uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
24+
with:
25+
github-token: ${{ secrets.GITHUB_TOKEN }}
26+
27+
- name: Approve safe Dependabot updates
28+
if: |
29+
startsWith(steps.metadata.outputs.update-type, 'security-update:') ||
30+
steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
31+
steps.metadata.outputs.update-type == 'version-update:semver-minor'
32+
run: gh pr review --approve "$PR_URL"
33+
env:
34+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
35+
PR_URL: ${{ github.event.pull_request.html_url }}
36+
37+
- name: Enable auto-merge for safe Dependabot updates
38+
if: |
39+
startsWith(steps.metadata.outputs.update-type, 'security-update:') ||
40+
steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
41+
steps.metadata.outputs.update-type == 'version-update:semver-minor'
42+
run: gh pr merge --auto --squash "$PR_URL"
43+
env:
44+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
45+
PR_URL: ${{ github.event.pull_request.html_url }}
Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
name: dependency-review
2+
3+
on:
4+
pull_request:
5+
6+
permissions:
7+
contents: read
8+
pull-requests: write
9+
10+
jobs:
11+
dependency-review:
12+
name: dependency-review
13+
runs-on: ubuntu-latest
14+
steps:
15+
- name: Checkout
16+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
17+
with:
18+
fetch-depth: 0
19+
- name: Detect dependency file changes
20+
id: changed
21+
run: |
22+
if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" | grep -Eq '^(pyproject\.toml|uv\.lock)$'; then
23+
echo "run_review=true" >> "$GITHUB_OUTPUT"
24+
else
25+
echo "run_review=false" >> "$GITHUB_OUTPUT"
26+
fi
27+
- name: Skip dependency review when no package manifests changed
28+
if: steps.changed.outputs.run_review != 'true'
29+
run: echo "No dependency manifest changes detected; skipping dependency review."
30+
- name: Review dependency changes
31+
if: steps.changed.outputs.run_review == 'true'
32+
uses: actions/dependency-review-action@v4

0 commit comments

Comments
 (0)