CoderDeltaLAN · CoderDeltaLAN · Sep 18, 2025 · Sep 18, 2025 · Sep 18, 2025
@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    rebase-strategy: auto
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
@@ -0,0 +1,26 @@
+name: Auto-merge Dependabot when green
+on:
+  pull_request:
+    types: [labeled, synchronize, reopened, ready_for_review]
+  check_suite:
+    types: [completed]
+permissions:
+  contents: write
+  pull-requests: write
+jobs:
+  enable-automerge:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Find green Dependabot PRs
+        uses: peter-evans/find-pull-request@v3
+        id: find
+        with:
+          author: dependabot[bot]
+          state: open
+          base: main
+      - name: Enable auto-merge (squash)
+        if: steps.find.outputs.pull-requests != ''
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          pull-request-number: ${{ fromJson(steps.find.outputs.pull-requests)[0].number }}
+          merge-method: squash
@@ -0,0 +1,30 @@
+name: dependabot-auto-merge
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  automerge:
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable PR auto-merge (patch/minor only)
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
+          steps.meta.outputs.update-type == 'version-update:semver-minor'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash
@@ -0,0 +1,52 @@
+name: publish-pypi
+on:
+  workflow_dispatch:
+  push:
+    tags: ["v*"]
+permissions:
+  contents: read
+  id-token: write
+jobs:
+  build-publish:
+    name: Build & publish to PyPI
+    runs-on: ubuntu-latest
+    environment: pypi
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: "pip"
+
+      - name: Install build backend
+        run: python -m pip install --upgrade pip build
+
+      - name: Build sdist & wheel
+        run: python -m build --sdist --wheel --outdir dist/
+
+      - name: Check tag matches version (only on tags)
+        if: startsWith(github.ref, 'refs/tags/')
+        shell: bash
+        run: |
+          PYPROJECT_VERSION=$(python - <<'PY'
+          import tomllib, sys
+          d = tomllib.load(open("pyproject.toml","rb"))
+          v = (d.get("project") or {}).get("version") \
+              or (d.get("tool", {}).get("poetry") or {}).get("version")
+          if not v:
+              sys.exit(2)
+          print(v)
+          PY
+          )
+          TAG="${GITHUB_REF_NAME#v}"
+          echo "pyproject/poetry: $PYPROJECT_VERSION / tag: $TAG"
+          test "$TAG" = "$PYPROJECT_VERSION"
+
+      - name: Publish to PyPI (Trusted Publisher)
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          print_hash: true
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "ci-matrix-starter"
-version = "0.1.0"
+version = "0.1.5"
 description = "Reusable CI workflows for Py/TS with SBOM & signatures."
 authors = ["CoderDeltaLAN <coderdeltalan.cargo784@8alias.com>"]
 readme = "README.md"