Configure dependabot vulnerability alerts on all repos #220

Merged: UnstoppableMango merged 2 commits into main from vuln-alerts on Jun 1, 2026

@UnstoppableMango

Contributor

No description provided.

Copilot AI review requested due to automatic review settings June 1, 2026 22:21

Copilot AI left a comment

Contributor

Pull request overview

This PR centralizes enabling GitHub Dependabot vulnerability alerts by moving that configuration out of per-repo gh.Repository arguments and into a dedicated gh.RepositoryVulnerabilityAlerts resource created for every Repo component instance.

Changes:

  • Add a RepositoryVulnerabilityAlerts child resource to the shared Repo component.
  • Remove the inline vulnerabilityAlerts setting from PublicRepo repository creation.
  • Export vulnerabilityAlerts via registerOutputs from PublicRepo and PrivateRepo.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File                       Description
components/repo.ts         Creates a RepositoryVulnerabilityAlerts resource for each repository component.
components/publicRepo.ts   Removes inline vulnerability alerts setting and registers the new vulnerability alerts resource as an output.
components/privateRepo.ts  Registers the new vulnerability alerts resource as an output.

Comment thread components/publicRepo.ts
Comment thread components/privateRepo.ts
pulumi Bot commented Jun 1, 2026

🍹 The Update (preview) for UnstoppableMango/unmango-github/prod (at 345f666) was successful.

✨ Neo Explanation

This refactors vulnerability alerts into a standalone managed resource for all 15 public repos (and private repos going forward), which is purely additive — no deletions or replacements. ✅ Low Risk, with a minor caveat that the GitHub provider version mismatch (6.13.1 vs required ≥6.14.0) should be verified before applying.

This PR moves vulnerabilityAlerts out of the Repository resource's inline property (vulnerabilityAlerts: true removed from publicRepo.ts) and into a dedicated github:index:RepositoryVulnerabilityAlerts resource defined in the base Repo class. This applies uniformly to both public and private repos. The if (opts?.urn) return guard prevents double-initialization during refresh operations.

🔵 Info — The GitHub provider plugin on the runner is version 6.13.1 but the code expects ≥6.14.0. The RepositoryVulnerabilityAlerts resource type was introduced or changed in 6.14.0. This version mismatch could cause the create operations to fail or behave unexpectedly at apply time.

🔵 Info — The pages property on several repositories is deprecated by the provider in favor of a standalone github_repository_pages resource. This won't block the current deploy but will require migration before a future provider upgrade.

Resource Changes

    Name                 Type                                                                      Operation
+   charts               github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
+   game                 github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
+   cloudflare-operator  github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   go                   unmango:github:PublicRepo                                                 update
+   thecluster-operator  github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
+   thecluster           github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   gnumake-go           unmango:github:PublicRepo                                                 update
+   aferox               github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
+   protofs              github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   devctl               unmango:github:PublicRepo                                                 update
~   kubebuilder          unmango:github:PublicRepo                                                 update
+   devctl               github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   apis                 unmango:github:PublicRepo                                                 update
~   protofs              unmango:github:PublicRepo                                                 update
~   aferox               unmango:github:PublicRepo                                                 update
+   apis                 github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   pulumi-baremetal     unmango:github:PublicRepo                                                 update
~   thecluster           unmango:github:PublicRepo                                                 update
+   go-pia               github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
+   pulumi-baremetal     github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   game                 unmango:github:PublicRepo                                                 update
+   go-make              github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   go-make              unmango:github:PublicRepo                                                 update
~   thecluster-operator  unmango:github:PublicRepo                                                 update
+   kubebuilder          github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   charts               unmango:github:PublicRepo                                                 update
+   gnumake-go           github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create
~   go-pia               unmango:github:PublicRepo                                                 update
~   cloudflare-operator  unmango:github:PublicRepo                                                 update
+   go                   github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts  create

UnstoppableMango merged commit bb31ee2 into main on Jun 1, 2026 (3 checks passed)
UnstoppableMango deleted the vuln-alerts branch on June 1, 2026 22:31
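
Added example (not part of this pull request or the repository's own code): a pre-apply gate in TypeScript that parses a preview table in the format shown above, reports repo components with no RepositoryVulnerabilityAlerts resource planned, and compares the provider version against the minimum named in the preview comment. The function names, the `example-repo` row and the rule that repo components share the `unmango:github:` type prefix are assumptions made for illustration.

```typescript
const ALERTS_TYPE = "github:index/repositoryVulnerabilityAlerts:RepositoryVulnerabilityAlerts";
// Assumption: every repo component type shares PublicRepo's "unmango:github:" prefix.
const REPO_PREFIX = "unmango:github:";
interface Change { name: string; type: string; op: string; }

// Parse rows shaped like "+   charts   <type>   create"; header and blank lines are skipped.
function parseChanges(table: string): Change[] {
  const rows: Change[] = [];
  for (const line of table.split("\n")) {
    const m = /^\s*[+~-]+\s+(\S+)\s+(\S+)\s+(\S+)\s*$/.exec(line);
    if (m) rows.push({ name: m[1], type: m[2], op: m[3] });
  }
  return rows;
}

// Repo components in the preview with no alerts resource planned or already in state
// (`existing`). Resources the preview reports as unchanged may be omitted from the table.
function reposMissingAlerts(changes: Change[], existing: string[] = []): string[] {
  const covered = existing.concat(
    changes.filter(c => c.type === ALERTS_TYPE && c.op !== "delete").map(c => c.name));
  return changes
    .filter(c => c.type.indexOf(REPO_PREFIX) === 0).map(c => c.name)
    .filter((n, i, all) => all.indexOf(n) === i && covered.indexOf(n) < 0)
    .sort();
}

// Compare numeric major.minor.patch versions; true when installed >= minimum.
function meetsMinimum(installed: string, minimum: string): boolean {
  const a = installed.split(".").map(Number), b = minimum.split(".").map(Number);
  for (let i = 0; i < 3; i++) if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) > (b[i] || 0);
  return true;
}

// Constructed sample: four rows copied from the preview plus a made-up "example-repo"
// that has no alerts resource.
const SAMPLE = `
    Name          Type                       Operation
+   charts        ${ALERTS_TYPE}  create
~   charts        unmango:github:PublicRepo  update
+   go            ${ALERTS_TYPE}  create
~   go            unmango:github:PublicRepo  update
~   example-repo  unmango:github:PublicRepo  update
`;

function gate(table: string, installed: string, minimum: string): string[] {
  const problems = reposMissingAlerts(parseChanges(table)).map(r => r + ": no alerts resource planned");
  if (!meetsMinimum(installed, minimum)) problems.push("provider " + installed + " < required " + minimum);
  return problems;
}
console.log(gate(SAMPLE, "6.13.1", "6.14.0"));
```

An empty array from `gate` means every repo component in the table has an alerts resource and the provider is new enough; pass names of alerts resources already in state as `existing` on later runs.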