{"id":44989872,"url":"https://github.com/ethanthephoenix38/dependabot-secure-flow","last_synced_at":"2026-03-05T08:01:31.332Z","repository":{"id":335165164,"uuid":"1144591240","full_name":"EthanThePhoenix38/dependabot-secure-flow","owner":"EthanThePhoenix38","description":"The Silent Guardian: A Zero-Touch workflow that validates Dependabot updates via build tests, auto-closes failing PRs (Self-Healing), and batches secure updates silently. Stop notification fatigue","archived":false,"fork":false,"pushed_at":"2026-03-02T06:24:42.000Z","size":3265,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-02T10:59:16.551Z","etag":null,"topics":["automation","cybersecurity","dependabot","flow","github-actions","guardian","phoenixproject","repository","security","vibecoding"],"latest_commit_sha":null,"homepage":"https://ethanthephoenix38.github.io/dependabot-secure-flow/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EthanThePhoenix38.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["EthanThePhoenix38"],"patreon":"EthanThePhoenix","custom":["https://www.paypal.com/paypalme/VanessaBernier"],"ko-fi":["EthanThePhoenix"]}},"created_at":"2026-01-28T20:38:58.000Z","updated_at":"2026-02-25T04:15:24.000Z","dependencies_parsed_at":"2026-03-05T08:01:17.583Z","dependency_job_id":null,"html_url":"https://github.com/EthanThePho
enix38/dependabot-secure-flow","commit_stats":null,"previous_names":["ethanthephoenix38/dependabot-secure-flow"],"tags_count":16,"template":true,"template_full_name":null,"purl":"pkg:github/EthanThePhoenix38/dependabot-secure-flow","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fdependabot-secure-flow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fdependabot-secure-flow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fdependabot-secure-flow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fdependabot-secure-flow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EthanThePhoenix38","download_url":"https://codeload.github.com/EthanThePhoenix38/dependabot-secure-flow/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fdependabot-secure-flow/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30115662,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T03:40:26.266Z","status":"ssl_error","status_checked_at":"2026-03-05T03:39:15.902Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","cybersecurity","dependabot","flow","github-actions","guardian","phoenixproject","repository","security","vibecoding"],"created_at":"2026-02-18T21:13:53.790Z","updated_at":"2026-03-05T08:01:31.309Z","avatar_url":"https://github.com/EthanThePhoenix38.png","language":"HTML","funding_links":["https://github.com/sponsors/EthanThePhoenix38","https://patreon.com/EthanThePhoenix","https://www.paypal.com/paypalme/VanessaBernier","EthanThePhoenix","https://ko-fi.com/EthanThePhoenix","https://www.patreon.com/EthanThePhoenix"],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"./banner.png\" width=\"600px\" alt=\"DependabotSecureFlow Banner\" style=\"border-radius: 10px; box-shadow: 0 4px 8px rgba(0,0,0,0.5);\"\u003e\n  \u003cbr\u003e\u003cbr\u003e\n  \n  [![Use this template](https://img.shields.io/badge/Use%20this%20Template-2ea44f?style=for-the-badge\u0026logo=github)](https://github.com/EthanThePhoenix38/dependabot-secure-flow/generate)\n  [![GitHub Marketplace](https://img.shields.io/badge/Marketplace-Dependabot%20Secure%20Flow-blue?style=for-the-badge\u0026logo=github)](https://github.com/marketplace/actions/dependabotsecureflow)\n  [![Build Status](https://img.shields.io/github/actions/workflow/status/EthanThePhoenix38/dependabot-secure-flow/dependabot-secure-flow.yaml?style=for-the-badge)](https://github.com/EthanThePhoenix38/dependabot-secure-flow/actions)\n  
[![Dependabot](https://img.shields.io/badge/Dependabot-Active-025E8C?style=for-the-badge\u0026logo=dependabot\u0026logoColor=white)](https://github.com/EthanThePhoenix38/dependabot-secure-flow/network/dependencies)\n  [![YAML](https://img.shields.io/badge/YAML-CB171E?style=for-the-badge\u0026logo=yaml\u0026logoColor=white)](https://github.com/EthanThePhoenix38/dependabot-secure-flow)  [![Tests](https://img.shields.io/badge/Tests-Passing-green?style=for-the-badge\u0026logo=github-actions\u0026logoColor=white)](https://github.com/EthanThePhoenix38/dependabot-secure-flow/actions)  [![MIT License](https://img.shields.io/badge/License-MIT-green.svg?style=for-the-badge)](https://choosealicense.com/licenses/mit/)  [![GitHub release](https://img.shields.io/github/v/release/EthanThePhoenix38/dependabot-secure-flow?style=for-the-badge)](https://github.com/EthanThePhoenix38/dependabot-secure-flow/releases)  [![Security](https://img.shields.io/badge/Security-Hardened-yellow?style=for-the-badge\u0026logo=security)](https://github.com/EthanThePhoenix38/dependabot-secure-flow/security)\n  [![RGPD](https://img.shields.io/badge/RGPD-Compliant-blue?style=for-the-badge\u0026logo=gdpr\u0026logoColor=white)](https://github.com/EthanThePhoenix38/dependabot-secure-flow)\n\n\u003c/div\u003e\n\n# [DependabotSecureFlow](https://github.com/EthanThePhoenix38/dependabot-secure-flow)\n\n\u003e Automated dependency management with security-first batch processing\n\n[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-Dependabot%20Secure%20Flow-blue.svg?colorA=24292e\u0026colorB=0366d6\u0026style=flat\u0026longCache=true\u0026logo=github)](https://github.com/marketplace/actions/dependabotsecureflow)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\n## 🎯 Overview\n\n**Dependabot Secure Flow** is a GitHub Action that automatically manages dependency updates through a secure, batched workflow. 
Instead of merging Dependabot PRs directly to `main`, this action:\n\n1. ✅ Auto-merges Dependabot PRs into a `securite` branch\n2. 🧪 Validates builds and tests\n3. 📦 Batches multiple updates together\n4. 📝 Auto-generates changelog entries\n5. 🚀 Creates a single PR to `main` for review\n\n## 🚀 Features\n\n- **Security-First**: All updates are validated before reaching `main`\n- **Batch Processing**: Multiple dependency updates are grouped together\n- **Auto-Correction**: Failed builds automatically close problematic PRs\n- **Changelog Automation**: Automatic timestamp and changelog updates\n- **Zero Configuration**: Works out of the box with sensible defaults\n\n## 📦 Installation\n\n### 1. Add the workflow to your repository\n\nCreate `.github/workflows/dependabot-secure-flow.yml`:\n\n```yaml\nname: Dependabot Secure Flow\n\non:\n  pull_request:\n    types: [opened, synchronize]\n    paths:\n      - 'package.json'\n      - 'package-lock.json'\n  workflow_dispatch:\n\npermissions:\n  contents: write\n  pull-requests: write\n  issues: write\n\njobs:\n  auto-merge-to-securite:\n    uses: EthanThePhoenix38/dependabot-secure-flow/.github/workflows/dependabot-secure-flow.yml@main\n    secrets: inherit\n```\n\nThe reusable workflow above is referenced at `@main`, so every run picks up the latest commit of that branch; pin it to a release tag or commit SHA if you want the version you reviewed to be the version that runs.\n\n### 2. Configure Dependabot\n\nCreate `.github/dependabot.yml`:\n\n```yaml\nversion: 2\nupdates:\n  - package-ecosystem: \"npm\"\n    directory: \"/\"\n    schedule:\n      interval: \"daily\"\n    open-pull-requests-limit: 10\n```\n\n### 3. Add required scripts to `package.json`\n\n```json\n{\n  \"scripts\": {\n    \"build\": \"echo 'Build step' \u0026\u0026 exit 0\",\n    \"test\": \"echo 'Test step' \u0026\u0026 exit 0\"\n  }\n}\n```\n\n## 🔧 How It Works\n\n```mermaid\ngraph LR\n    A[Dependabot PR] --\u003e B{Build Valid?}\n    B --\u003e|Yes| C[Merge to securite]\n    B --\u003e|No| D[Close PR]\n    C --\u003e E[Batch with others]\n    E --\u003e F[Create PR to main]\n    F --\u003e G[Manual Review]\n    G --\u003e H[Merge to main]\n```\n\n1. 
**Dependabot creates a PR** with dependency updates\n2. **Workflow validates** the build (`npm install \u0026\u0026 npm run build`)\n3. **Auto-merge to `securite`** if validation passes\n4. **Close PR** if validation fails (with label `skipped-vulnerability`)\n5. **Batch updates** accumulate in the `securite` branch\n6. **Create PR to `main`** for final review\n7. **Update documentation** (README timestamp, CHANGELOG)\n\n## 📋 Requirements\n\n- Node.js project with `package.json`\n- `npm run build` script (can be a no-op: `echo 'No build'`)\n- GitHub repository with Dependabot enabled\n\n## ⚙️ Configuration\n\n### Optional: Customize the workflow\n\nYou can override default behavior by modifying the workflow file:\n\n```yaml\njobs:\n  check-interdependencies:\n    steps:\n      - name: Auto-Correction \u0026 Validation\n        run: |\n          npm install --prefer-offline --no-audit\n          npm run build\n          npm test  # Add your test command\n```\n\n### Branch Strategy\n\n- `main`: Production-ready code\n- `securite`: Staging area for dependency updates\n- `dependabot/*`: Temporary branches (auto-deleted after merge)\n\n## 🛡️ Security\n\nThis action follows security best practices:\n\n- ✅ No external dependencies (uses only GitHub Actions)\n- ✅ Validates all updates before merging\n- ✅ Auto-closes PRs that fail validation\n- ✅ Requires manual review before reaching `main`\n\n## 📊 Example Output\n\nWhen the workflow runs successfully:\n\n```\n✅ Merged into securite branch for batch processing.\n📝 Updated CHANGELOG.md with timestamp\n🎉 Created PR #42: chore: dependency updates batch\n```\n\n## Configuration Options\n\n| Input | Description | Required | Default |\n| :--- | :--- | :--- | :--- |\n| `github-token` | Token to manage PRs (GITHUB_TOKEN) | Yes | N/A |\n| `node-version` | Node versions to use | No | 20 |\n| `test-command` | Command to run for validation | No | `npm install \u0026\u0026 npm run build` |\n\n---\n\n## 🤝 Contributing\n\nContributions 
are welcome! This action is maintained in the [AI-Pulse](https://github.com/ThePhoenixAgency/AI-Pulse) repository and automatically synced here.\n\n## 📄 License\n\nMIT License - see [LICENSE](LICENSE) for details\n\n## 🔗 Links\n\n- [GitHub Marketplace](https://github.com/marketplace/actions/dependabotsecureflow)\n- [Source Repository](https://github.com/EthanThePhoenix38/dependabot-secure-flow)\n- [Issue Tracker](https://github.com/EthanThePhoenix38/dependabot-secure-flow/issues)\n\n\n---\n\n## Support This Project\n\nIf this action helps secure your projects, support the development:\n\n[![GitHub Sponsors](https://img.shields.io/badge/Sponsor_on-GitHub-ea4aaa?style=for-the-badge\u0026logo=github)](https://github.com/sponsors/EthanThePhoenix38)\n[![Patreon](https://img.shields.io/badge/Support_on-Patreon-F96854?style=for-the-badge\u0026logo=patreon)](https://patreon.com/EthanThePhoenix)\n[![PayPal](https://img.shields.io/badge/Support_via-PayPal-00457C?style=for-the-badge\u0026logo=paypal)](https://www.paypal.com/paypalme/VanessaBernier)\n[![Ko-fi](https://img.shields.io/badge/Support_on-Ko--fi-F16061?style=for-the-badge\u0026logo=ko-fi)](https://ko-fi.com/EthanThePhoenix)\n\n\n[![Support via Patreon](https://img.shields.io/badge/Patreon-Support%20Development-f96854?logo=patreon\u0026logoColor=white)](https://www.patreon.com/EthanThePhoenix)\n\n**Your support helps fund the server and AI development!**\nIn exchange, I will add a link to your GitHub profile in the Contributors section.\n\nYou can also:\n\n- ⭐ **Star this repository**\n- 🐛 **Report issues** to help improve it\n- 🔀 **Fork it** to customize for your needs\n\n---\n\n## Professional Page\n[https://thephoenixagency.github.io](https://thephoenixagency.github.io)\n\n---\n\n**Made with ❤️ by 
[ThePhoenixAgency](https://github.com/ThePhoenixAgency)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethanthephoenix38%2Fdependabot-secure-flow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fethanthephoenix38%2Fdependabot-secure-flow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethanthephoenix38%2Fdependabot-secure-flow/lists"}