improve workflows

Author: submarcos

.github/dependabot.yml

@@ -0,0 +1,20 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "pip"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "django"
+        update-types: [ "version-update:semver-major", "version-update:semver-minor" ]  # only allow auto update on django bug and security fixes
+    open-pull-requests-limit: 20

.github/release.yml

@@ -0,0 +1,45 @@
+changelog:
+  categories:
+    - title: 💥 Breaking changes
+      labels:
+        - '💥 Breaking changes'
+    - title: ✨ New features
+      labels:
+        - '✨ Feature'
+    - title: 💫 Improvements
+      labels:
+        - '💫 Improvements'
+        - '💄 UI/UX'
+    - title: 🐛 Bug fixes
+      labels:
+        - '🐛 bug'
+        - '🚑 Hotfix'
+    - title: ⚡ Performances
+      labels:
+        - '⚡ Performances'
+    - title: 🔒 Security
+      labels:
+        - '🔒 Security'
+    - title: 📝 Documentation
+      labels:
+        - '📝 Documentation'
+        - 'scope: docs'
+        - '🌐 Translations'
+    - title: ♻️ Refactoring
+      labels:
+        - '♻️ Refactoring'
+    - title: ✅ Tests
+      labels:
+        - '✅ Tests'
+    - title: 👷 CI
+      labels:
+        - '👷 CI'
+        - github_actions
+        - 'scope: deployment'
+    - title: 🏗️ Maintenance
+      labels:
+        - dependencies
+        - '🏗️ Maintenance'
+    - title: Other Changes
+      labels:
+        - "*"

.github/workflows/dependencies.yml

@@ -0,0 +1,49 @@
+name: Check deps
+
+on:
+  pull_request:
+    paths:
+      - pyproject.toml
+      - requirements.txt
+      - requirements-dev.txt
+      - .github/workflows/dependencies.yml
+
+env:
+  DEBIAN_FRONTEND: noninteractive
+
+jobs:
+  quality:
+    name: Checking dependency graph
+    runs-on: ubuntu:latest
+    strategy:
+      matrix:
+        os: ['ubuntu-latest']
+        python-version: ['3.10']
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: astral-sh/setup-uv@v5
+        with:
+          version: "latest"
+          python-version: "3.12"
+
+      - name: Check dependency graph
+        run: |
+          uv pip compile pyproject.toml -o requirements.txt
+          uv pip compile pyproject.toml --extra dev -c requirements.txt -o requirements-dev.txt
+
+      - name: Verify dependency graph is ok
+        uses: tj-actions/verify-changed-files@v20
+        id: verify-changed-files
+        with:
+          files: |
+            requirements.txt
+            requirements-dev.txt
+
+      - name: Validating graph
+        if: steps.verify-changed-files.outputs.files_changed == 'true'
+        run: |
+          echo "Dependency file(s) changed: ${{ steps.verify-changed-files.outputs.changed_files }}"
+          git diff
+          core.setFailed('Please fix your dependency with uv pip compile commands')

.github/workflows/release.yml

@@ -0,0 +1,45 @@
+name: Release
+on:
+  workflow_run:
+    workflows: ["Run Tests"]
+    branches: [main]
+    types:
+      - completed
+
+jobs:
+    release:
+        if: ${{ github.event.workflow_run.conclusion == 'success' && github.ref == 'refs/heads/main' }}
+        runs-on: ubuntu-latest
+        permissions:
+            packages: write  # required to publish docker image
+        steps:
+
+        - name: Checkout code
+            uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images:  |
+            ghcr.io/makinacorpus/osm-paths
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          provenance: mode=max
+          sbom: true
+          builder: ${{ steps.buildx.outputs.name }}
+          tags: ${{ steps.meta.outputs.tags }}