feat: added configuration files for dependabot and labeler (#21)

Author: mfranzke

.github/dependabot.yml

@@ -0,0 +1,19 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    pull-request-branch-name:
+      separator: "-"
+
+  # Daily: Check minor and patch updates
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    pull-request-branch-name:
+      separator: "-"
+    # https://github.com/dependabot/dependabot-core/issues/5226#issuecomment-1179434437
+    versioning-strategy: increase

.github/labeler.yml

@@ -0,0 +1,13 @@
+---
+# Add 'cicd' label to any file changes inside .github dir
+cicd:
+  - .github/*
+  - .github/**/*
+
+# Add 'patterns' label to any file changes for the patterns
+patterns:
+  - source/_patterns/**
+
+# Add 'documentation' label to any file changes for the documentation files
+documentation:
+  - ./**/*.md

.github/workflows/99-auto-merge.yml

@@ -0,0 +1,28 @@
+---
+name: Dependabot auto-merge
+on:
+  workflow_call:
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: ⬇ Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.3.3
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: ✔ Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: 🤖 Enable auto-merge for Dependabot PRs
+        if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/99-codeql-analysis.yml

@@ -0,0 +1,28 @@
+---
+name: "CodeQL"
+on:
+  workflow_call:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript"]
+
+    steps:
+      - name: ⬇ Checkout repo
+        uses: actions/checkout@v3
+
+      - name: 🔄 Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: 🔨 Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: 🔎 Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/99-dependency-review.yml

@@ -0,0 +1,13 @@
+---
+name: "Dependency Review"
+on:
+  workflow_call:
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: ⬇ Checkout repo
+        uses: actions/checkout@v3
+      - name: 🔎 Dependency Review
+        uses: actions/dependency-review-action@v2

.github/workflows/99-labeler.yml

@@ -0,0 +1,14 @@
+---
+name: "Pull Request Labeler"
+on:
+  workflow_call:
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🏷️ Labeler
+        uses: actions/labeler@v4
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          sync-labels: true

.github/workflows/default.yml

@@ -21,4 +21,6 @@ jobs:
   deploy:
     if: contains( github.ref, 'main')
     uses: ./.github/workflows/02-deploy-gh-pages.yml
+    # TODO: we need the following after we've added the preview branch deployments
+    # if: ${{ github.actor != 'dependabot[bot]' }}
     needs: [lint, test, build]

.github/workflows/pull-request.yml

@@ -0,0 +1,25 @@
+---
+name: Default On-Pull-Request
+
+on:
+  pull_request:
+    branches: ["main"]
+
+permissions:
+  pull-requests: write
+  contents: write
+  actions: read
+  security-events: write
+
+jobs:
+  auto-merge:
+    uses: ./.github/workflows/99-auto-merge.yml
+
+  codeql:
+    uses: ./.github/workflows/99-codeql-analysis.yml
+
+  dependency-review:
+    uses: ./.github/workflows/99-dependency-review.yml
+
+  labeler:
+    uses: ./.github/workflows/99-labeler.yml