
chore: improve CLO monitor by hardening CI and dependency management #28

Merged
shogom2 merged 1 commit into CoHDI:main from ttsuuubasa:cohdi-dev
Mar 19, 2026

@ttsuuubasa
Collaborator

What this PR does

This PR improves the overall maintainability and security posture of the CLO monitor repository by updating CI configuration and repository management settings.
Specifically, it includes the following changes:

  • Add Dependabot configuration
    • Enable automated dependency updates for:
      • Go modules
      • GitHub Actions
      • Docker
  • Harden GitHub Actions permissions
    • Explicitly restrict workflow permissions to contents: read to follow the principle of least privilege
  • Introduce an OWNERS file
    • Clearly define approvers and reviewers to align with Kubernetes-style ownership and review workflows

- Add Dependabot configuration for Go modules, GitHub Actions, and Docker
- Restrict GitHub Actions permissions to read-only for contents
- Introduce OWNERS file to clarify approvers and reviewers

Signed-off-by: Tsubasa Watanabe <[email protected]>
@shogom2 shogom2 self-requested a review March 19, 2026 09:51
@shogom2 shogom2 merged commit 271b70d into CoHDI:main Mar 19, 2026
5 checks passed
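
As an added illustration (not the files from this PR), the two configuration changes described above could look like the following. The directories, the weekly schedule, the workflow file name and the job steps are assumptions; only the three ecosystems and `contents: read` come from the PR description.

```yaml
# File 1: .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "gomod"
    directory: "/"            # assumed: go.mod at repository root
    schedule:
      interval: "weekly"      # assumed cadence
  - package-ecosystem: "github-actions"
    directory: "/"            # "/" makes Dependabot scan .github/workflows
    schedule:
      interval: "weekly"
  - package-ecosystem: "docker"
    directory: "/"            # assumed: Dockerfile at repository root
    schedule:
      interval: "weekly"
---
# File 2: .github/workflows/ci.yml (hypothetical workflow name)
name: ci
on:
  pull_request:
  push:
    branches: [main]

# Top-level permissions apply to every job. Once any scope is listed,
# all unlisted GITHUB_TOKEN scopes are set to none.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - run: go test ./...
```

A job that needs a wider token scope can declare its own job-level `permissions` block, which keeps the read-only default for every other job.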