6 changes: 6 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -8,9 +8,15 @@ version: 2
updates:
- package-ecosystem: "devcontainers"
directory: "/"
prefix: "chore: "
schedule:
interval: weekly
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
prefix: "build: "
groups:
actions-deps:
patterns:
- "*"
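Review bot: `prefix` appears in both the `devcontainers` entry and the `github-actions` entry without a `commit-message:` parent key, and Dependabot accepts `prefix` only when nested under `commit-message`. The rendering has lost indentation, so this is inferred from there being no `commit-message:` line anywhere in the hunk. If it holds, the file fails Dependabot's schema validation and no update PRs are raised for either ecosystem, which silently removes the patching path for the workflow actions. Each entry would need a `commit-message:` key with `prefix: "build: "` (or `"chore: "`) indented beneath it. After merging, check that the config parses in the repository's Dependabot status view.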
3 changes: 1 addition & 2 deletions .github/workflows/medcat-service_docker.yml
Expand Up @@ -17,99 +17,98 @@
run:
working-directory: ./medcat-service
jobs:

build:

if: github.event.pull_request.user.login != 'dependabot[bot]' && github.repository == 'CogStack/cogstack-nlp'
runs-on: ubuntu-latest
outputs:
image_version: ${{ steps.meta.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Log in to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Extract metadata (tags, labels) for Docker MedCATservice
id: meta
uses: docker/metadata-action@v5
with:
images: cogstacksystems/medcat-service
tags: |
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
# Include all default tags
type=schedule
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha
# Create version tag based on tag prefix
type=match,pattern=medcat-service/v(\d+\.\d+\.\d+),group=1
flavor: latest=false

- name: Make medact-v2 available within build
run: cp -r ../medcat-v2 medcat-v2

- name: Build and push Docker MedCATservice image
id: docker_build
uses: docker/build-push-action@v6
with:
context: ./medcat-service/
push: true
allow: network.host
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=cogstacksystems/medcat-service:buildcache
cache-to: type=registry,ref=cogstacksystems/medcat-service:buildcache,mode=max
build-args: |
REINSTALL_CORE_FROM_LOCAL=true

- name: Extract metadata (tags, labels) for Docker MedCATservice-gpu
id: meta-gpu
uses: docker/metadata-action@v5
with:
images: cogstacksystems/medcat-service-gpu
tags: |
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
# Include all default tags
type=schedule
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha
# Create version tag based on tag prefix
type=match,pattern=medcat-service/v(\d+\.\d+\.\d+),group=1
flavor: latest=false
build-args: |
REINSTALL_CORE_FROM_LOCAL=true

- name: Build and push Docker Jupyter singleuser image with GPU support
id: docker_build_gpu
uses: docker/build-push-action@v6
with:
context: ./medcat-service/
file : "./medcat-service/Dockerfile_gpu"
allow: network.host
tags: ${{ steps.meta-gpu.outputs.tags }}
labels: ${{ steps.meta-gpu.outputs.labels }}
push: true
cache-from: type=registry,ref=cogstacksystems/medcat-service-gpu:buildcache
cache-to: type=registry,ref=cogstacksystems/medcat-service-gpu:buildcache,mode=max
build-args: |
REINSTALL_CORE_FROM_LOCAL=true

- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
working-directory: "./"
integration_test:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
runs-on: ubuntu-latest
needs: build
strategy:
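Review bot: The `uses:` references in the `build` job are mutable tags (`docker/login-action@v1`, `docker/metadata-action@v5`, `docker/build-push-action@v6`), and the job hands `secrets.DOCKER_HUB_ACCESS_TOKEN` to one of them and pushes images, so a retagged upstream release would run with those credentials. Pin each one to a full commit SHA with the version in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # <version>`; Dependabot's `github-actions` ecosystem can keep SHA pins updated. `login-action@v1` is also an old major and is worth moving forward in the same pass. Separately, `build-args` under the `meta-gpu` step's `with:` does not look like an input of `docker/metadata-action` and is probably a paste leftover from the build step. The `integration_test` job continues past the end of the hunk.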