Skip to content

v1.0.0 - Initial Release

Marketplace
Marketplace

Choose a tag to compare

View all tags
@EthanThePhoenix38 EthanThePhoenix38 released this 28 Jan 22:18
· 151 commits to main since this release
v1.0.0
7452ade

DependabotSecureFlow - The Silent Guardian

Version 1.0.0 - Enterprise-grade GitHub Action workflow for zero-touch dependency management.

Overview

DependabotSecureFlow implements a "Silent Guardian" philosophy: automating security updates, validating them via actual builds, and auto-correcting failures without human intervention. It acts as a Security Sandbox that filters dependencies before they reach your production code.

Key Features

1. Absolute Silence & Automation

  • No Notification Fatigue: You only receive notifications for successful outcomes (ready-to-merge batch updates)
  • Green-Only Policy: Failing dependency updates are caught, handled, and discarded quietly

2. Security Sandbox (securite branch)

  • Isolation: Dependabot PRs are never merged directly to master
  • Batching: All valid updates are consolidated into a single "Batch PR" from securite to master

3. Build Validation

  • Smoke Testing: Runs npm install and npm run build on your project
  • Prevention: If a dependency causes build failures, it is rejected immediately

4. Auto-Correction ("Self-Healing")

  • The Solution: If validation fails, the workflow automatically closes the PR, deletes the branch, and tells Dependabot to ignore that specific version

Why This Pattern?

This workflow implements a rare and advanced DevOps pattern known as a Self-Healing Pipeline:

  • SRE-Grade Maturity: Architecture typically found in highly mature Site Reliability Engineering teams
  • Self-Healing: Detects failures and repairs itself without human intervention
  • Ultra-Lightweight: Under 100 lines of YAML, no external services required

What's Included

  • Complete GitHub Actions workflow template
  • Action metadata (action.yml)
  • Comprehensive documentation
  • Configuration examples

Getting Started

  1. Create .github/dependabot.yml to enable Dependabot
  2. Add .github/workflows/dependabot-secure-flow.yml workflow file
  3. Set up GIT_AUTHOR_EMAIL secret in repository settings
  4. Let the Silent Guardian protect your dependencies

Documentation

Full documentation available in the README

Security

  • MIT Licensed
  • No external dependencies
  • Pure GitHub Actions native logic
  • GDPR compliant

Credits

Created by EthanThePhoenix38 | Phoenix Project

Note: This workflow assumes your repository is a Node.js project with a valid package.json file.

Assets 2
Loading