ci/cd: remove workflows for the time being; add dependabot

.github/dependabot.yml

@@ -1,7 +1,14 @@
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 version: 2
 updates:
   - package-ecosystem: "pip"
-    directory: "/"
+    directory: "/src/surplus"
     schedule:
       interval: "weekly"
+  - package-ecosystem: "pip"
+    directory: "/src/spow-telegram-bridge"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: gomod
+    directory: "/src/spow-whatsapp-bridge"
+    schedule:
+      interval: "daily"

.github/workflows/cd.yml

@@ -1,75 +0,0 @@
-name: continous deployment
-
-on:
-  workflow_dispatch:
-  push:
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    outputs:
-      hashes: ${{ steps.hash.outputs.hashes }}
-
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4.1.2
-        with:
-          ref: ${{ github.ref }}
-
-      - name: get branch name
-        id: get-branch-name
-        uses: tj-actions/branch-names@v8
-
-      - name: install devbox
-        uses: jetpack-io/devbox-install-action@v0.8.0
-
-      - name: run releaser.py
-        run: devbox run python releaser.py
-        env:
-          SURPLUS_BUILD_BRANCH: ${{ steps.get-branch-name.outputs.base_ref_branch }}
-
-      - name: build project
-        id: build
-        run: devbox run hatch build 
-
-      - name: duplicate non-versioned wheel
-        run: cp dist/surplus-*.whl dist/surplus-latest-py3-none-any.whl
-
-      - name: generate provenance subjects
-        id: hash
-        run: |
-          cd dist
-          HASHES=$(sha256sum * | base64 -w0)
-          echo "hashes=$HASHES" >> "$GITHUB_OUTPUT"
-
-      - uses: actions/upload-artifact@v3
-        with:
-          name: wheels
-          path: dist/
-
-  release:
-    if: startsWith(github.ref, 'refs/tags/v')
-    needs: [build]
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    
-    steps:
-      - name: release
-        uses: softprops/action-gh-release@v2.0.4
-        with:
-          files: |
-            dist/*.whl
-      
-  provenance:
-    needs: [build]
-    permissions:
-      actions: read
-      id-token: write
-      contents: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
-    with:
-      base64-subjects: "${{ needs.build.outputs.hashes }}"
-      upload-assets: true

.github/workflows/ci.yml

@@ -1,25 +0,0 @@
-name: continuous integration
-
-on:
-  workflow_dispatch:
-  push:
-    paths:
-      - "*.py"
-      - "**.py"
-      - "*.lock"
-      - "pyproject.toml"
-
-jobs:
-  analyse:
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4.1.2
-        with:
-          ref: ${{ github.ref }}
-
-      - name: install devbox
-        uses: jetpack-io/devbox-install-action@v0.8.0
- 
-      - name: run checks
-        run: devbox run hatch run check