Skip to content

Document that GHA workflows are moved to gha/v0#455

Open
vy wants to merge 4 commits intomainfrom
ci
Open

Document that GHA workflows are moved to gha/v0#455
vy wants to merge 4 commits intomainfrom
ci

Conversation

@vy
Copy link
Copy Markdown
Member

@vy vy commented Apr 14, 2026

Document that GHA workflows are moved to gha/v0, remove mention of automated dependabot PR merge, and dust off some other basic infrastructure.

@vy vy added this to the 13.0.0 milestone Apr 14, 2026
@vy vy requested a review from ppkarwasz April 14, 2026 13:52
@vy vy self-assigned this Apr 14, 2026
ppkarwasz
ppkarwasz requested changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ppkarwasz ppkarwasz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, but there are some small points worth correcting.

.github/workflows/codeql-analysis.yaml
Comment on lines -37 to +41
name: Analyze
runs-on: ubuntu-latest
uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@gha/v0
Copy link
Copy Markdown
Contributor

@ppkarwasz ppkarwasz Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logging-parent repo does not have any Java code, this is why codeql-analysis was copy-pasted and slightly adapted, instead of using the codeql-analysis-reusable.

.github/dependabot.yaml
directory: "/"
schedule:
interval: daily
interval: monthly
Copy link
Copy Markdown
Contributor

@ppkarwasz ppkarwasz Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GitHub Actions might need to be updated more often than monthly, but I would apply the recommended cooldown period. In our case, the cooldown period allows the INFRA team to review and allow the new version of the action.

Suggested change
interval: monthly
interval: weekly
cooldown:
default-days: 7

.github/dependabot.yaml
Comment on lines +59 to +60
schedule:
interval: monthly
Copy link
Copy Markdown
Contributor

@ppkarwasz ppkarwasz Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above: weekly, but with a cooldown.

Suggested change
schedule:
interval: monthly
schedule:
interval: weekly
cooldown:
default-days: 7

package-lock.json
Comment on lines -706 to -719
"node_modules/dunder-proto": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
"integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
"license": "MIT",
"dependencies": {
"call-bind-apply-helpers": "^1.0.1",
"es-errors": "^1.3.0",
"gopd": "^1.2.0"
},
"engines": {
"node": ">= 0.4"
}
},
Copy link
Copy Markdown
Contributor

@ppkarwasz ppkarwasz Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure, why this PR updates the lock file.

pom.xml
<exclude>.github/ISSUE_TEMPLATE/*.md</exclude>
<exclude>.github/pull_request_template.md</exclude>
<!-- `.logging-parent-bom-activator` activates the `bom` Maven profile: -->
<exclude>.logging-parent-bom-activator</exclude>
Copy link
Copy Markdown
Contributor

@ppkarwasz ppkarwasz Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: alternatively we can use the shortest possible license declaration:

SPDX-License-Identifier: Apache-2.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ppkarwasz ppkarwasz ppkarwasz requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@vy vy

Labels

None yet

Projects

None yet

Milestone

13.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@vy @ppkarwasz