diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c2baff44e..caa9934ca 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,11 +9,13 @@ updates: - package-ecosystem: docker directories: - - "/powertools-e2e-tests" - - "/examples" - labels: [ ] + - "/powertools-e2e-tests/src/test/resources/docker" + - "/docs" + - "/examples/**" schedule: interval: daily + commit-message: + prefix: chore - package-ecosystem: "maven" directory: "/" diff --git a/.github/workflows/security-dependabot.yml b/.github/workflows/security-dependabot.yml deleted file mode 100644 index 3baa20897..000000000 --- a/.github/workflows/security-dependabot.yml +++ /dev/null @@ -1,42 +0,0 @@ -# Auto merges dependabot PRs -# -# Description: -# Auto-merges dependabot PRs if all checks pass -# We verify all commits in the PR to ensure no one else has committed to the PR -# -# Triggers: -# - pull_request - -on: - pull_request: - branches: [ dependabot/* ] - -name: Dependabot updates -run-name: Dependabot - -permissions: - contents: read - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'aws-powertools/powertools-lambda-java' }} - permissions: - pull-requests: write - steps: - - id: dependabot-metadata - name: Fetch Dependabot metadata - uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0 - - name: Fail workflow - if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' }} - run: | - echo "::error::Major version upgrades are not wanted" - - name: Approve PR - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh pr review "${{ github.event.pull_request.html_url }}" --approve --body '🤖 Approved by another robot.' - - name: Enable auto-merge on PR - run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/examples/powertools-examples-core-utilities/sam-graalvm/Dockerfile b/examples/powertools-examples-core-utilities/sam-graalvm/Dockerfile index a690606ad..8377d6dc7 100644 --- a/examples/powertools-examples-core-utilities/sam-graalvm/Dockerfile +++ b/examples/powertools-examples-core-utilities/sam-graalvm/Dockerfile @@ -1,5 +1,5 @@ #Use the official AWS SAM base image for Java 21 -FROM public.ecr.aws/sam/build-java21:latest +FROM public.ecr.aws/sam/build-java21@sha256:a5554d68374e19450c6c88448516ac95a9acedc779f318040f5c230134b4e461 #Install GraalVM dependencies RUN curl -4 -L curl https://download.oracle.com/graalvm/21/latest/graalvm-jdk-21_linux-x64_bin.tar.gz | tar -xvz diff --git a/examples/powertools-examples-parameters/sam-graalvm/Dockerfile b/examples/powertools-examples-parameters/sam-graalvm/Dockerfile index a690606ad..8377d6dc7 100644 --- a/examples/powertools-examples-parameters/sam-graalvm/Dockerfile +++ b/examples/powertools-examples-parameters/sam-graalvm/Dockerfile @@ -1,5 +1,5 @@ #Use the official AWS SAM base image for Java 21 -FROM public.ecr.aws/sam/build-java21:latest +FROM public.ecr.aws/sam/build-java21@sha256:a5554d68374e19450c6c88448516ac95a9acedc779f318040f5c230134b4e461 #Install GraalVM dependencies RUN curl -4 -L curl https://download.oracle.com/graalvm/21/latest/graalvm-jdk-21_linux-x64_bin.tar.gz | tar -xvz diff --git a/examples/powertools-examples-serialization/sam-graalvm/Dockerfile b/examples/powertools-examples-serialization/sam-graalvm/Dockerfile index a690606ad..8377d6dc7 100644 --- a/examples/powertools-examples-serialization/sam-graalvm/Dockerfile +++ b/examples/powertools-examples-serialization/sam-graalvm/Dockerfile @@ -1,5 +1,5 @@ #Use the official AWS SAM base image for Java 21 -FROM public.ecr.aws/sam/build-java21:latest +FROM public.ecr.aws/sam/build-java21@sha256:a5554d68374e19450c6c88448516ac95a9acedc779f318040f5c230134b4e461 #Install GraalVM dependencies RUN curl -4 -L curl https://download.oracle.com/graalvm/21/latest/graalvm-jdk-21_linux-x64_bin.tar.gz | tar -xvz