Add GitHub Actions CI and Dependabot #1

Merged: endrju19 merged 4 commits into main from ghci on Mar 25, 2026
endrju19 (Collaborator) commented Mar 25, 2026

Summary

  • Add .github/workflows/ci.yml — CI workflow with JDK matrix [21, 25], ktlintCheck + test, test artifact upload, Dependabot auto-merge
  • Add .github/dependabot.yml — weekly dependency updates for Gradle (grouped: production vs testing) and GitHub Actions, with auto-merge via shared SML workflow

Implements KOJAK-34.

Details

CI workflow:

  • Triggers on push to main and PRs
  • Matrix: JDK 21 (minimum, jvmToolchain(21)) + JDK 25 (latest LTS)
  • fail-fast: false for full signal on both JDK versions
  • permissions: contents: write + pull-requests: write (required for auto-merge)
  • Third-party actions SHA-pinned (gradle/actions), GitHub-owned use version tags

Dependabot auto-merge:

  • auto-merge-dependabot job calls shared softwaremill/github-actions-workflows auto-merge workflow
  • Uses SOFTWAREMILL_CI_PR_TOKEN PAT to trigger downstream CI on merge to main
  • Dependabot PRs labeled automerge via dependabot.yml config
  • Follows sttp-ai/tapir pattern

Dependabot:

  • gradle ecosystem with two groups: production (exposed, spring, jackson, drivers) and testing (kotest, testcontainers, wiremock) — separate risk levels, auto-classified via dependency-type
  • github-actions ecosystem for keeping workflow actions current

Out of scope (deferred to KOJAK-35):

  • Release-drafter, release notes, Maven Central publishing

Test plan

  • CI workflow triggers on this PR with two matrix jobs (JDK 21, JDK 25)
  • ktlintCheck passes on both JDK versions
  • All tests pass on both JDK versions (including Testcontainers-based integration tests)
  • Create automerge label in GitHub repo settings (or verify Dependabot auto-creates it on first PR)

Triggers on push to main and PRs.
Matrix tests against JDK 21 (minimum) and JDK 25 (latest LTS).
Includes ktlintCheck, test, and test artifact upload.

Gradle deps split into two groups: production (exposed, spring,
jackson, drivers) and testing (kotest, testcontainers, wiremock).
Grouping reduces PR noise while keeping risk levels separate.

Update SHA pin from v4.4.1 to v4.4.4 (latest v4.x patch).

- Add auto-merge-dependabot job using shared auto-merge workflow
- Add "automerge" label to both Dependabot ecosystems
- Uses SOFTWAREMILL_CI_PR_TOKEN to trigger downstream CI on merge
- Follows sttp-ai/tapir pattern (andrzej.kobylinski Feb-Mar 2026 fixes)

endrju19 merged commit 6c029af into main Mar 25, 2026
4 checks passed
endrju19 deleted the ghci branch March 25, 2026 11:25
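
The pinning rule stated in the PR description (third-party actions SHA-pinned, GitHub-owned actions on version tags) can be checked mechanically. The following is an added example, not code from this PR or repository: a Python audit of `uses:` references, covering steps and reusable-workflow calls, run on a constructed workflow. The `example-org` names, the 40-character SHA and the set of owners treated as GitHub-owned are assumptions.

```python
import re

# Assumption: owners treated as GitHub-owned, which the rule allows on version tags.
GITHUB_OWNED = {"actions", "github"}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA = re.compile(r"[0-9a-f]{40}")

# Constructed workflow for illustration; the SHA and example-org names are made up.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
      - uses: gradle/actions/setup-gradle@0123456789abcdef0123456789abcdef01234567 # constructed SHA
      - uses: example-org/some-action@v2
  auto-merge:
    uses: example-org/shared-workflows/.github/workflows/auto-merge.yml@main
"""


def audit_uses(workflow_text):
    """Return (line_no, reference, problem) for each `uses:` that breaks the rule."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are outside this rule
        target, _, version = ref.partition("@")
        owner = target.split("/")[0].lower()
        if not version:
            findings.append((no, ref, "missing @ref"))
        elif owner in GITHUB_OWNED:
            continue  # version tag accepted for GitHub-owned actions
        elif not FULL_SHA.fullmatch(version):
            # Tags and branches can be moved; only a full commit SHA is immutable.
            findings.append((no, ref, "mutable ref on third-party code, pin a full commit SHA"))
    return findings


if __name__ == "__main__":
    for no, ref, problem in audit_uses(SAMPLE):
        print(f"line {no}: {ref}: {problem}")
```

The reusable-workflow call on the last sample line is flagged like any other third-party reference, since a job-level `uses:` runs that repository's code with the caller's secrets and token.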