Bump Stream conventions to v0.12.1

[gpunto]

Goal

Pick up build-conventions v0.12.1. v0.12.0 made slack-webhook-url a required input on release.yml; v0.12.1 dropped an unused issues: write permission from a few reusable workflows. Also onboard this repo to Dependabot for stream-build-conventions-android, with all bumps grouped into one PR.

Implementation

• New .github/dependabot.yml covering gradle + github-actions, with groups.stream-conventions on each.
• Drop unneeded issues: write from PR-quality and stale-PR cleanup workflows.
• streamConventions 0.11.0 → 0.12.1 in gradle/libs.versions.toml.
• All GetStream/stream-build-conventions-android/.github/workflows/...@v0.11.0 refs → @v0.12.1.
• Pass slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_ANDROID_CICD }} to release.yml in publish-new-version.yml.

Testing

• Yaml validation via the PR-quality workflow.
• Slack notifications and grouped Dependabot PRs validated on the next runs.

Checklist

• Issue linked (if any)
• Tests/docs updated
• I have signed the Stream CLA (required for external contributors)

Summary by CodeRabbit

• Chores
  • Updated build convention dependencies to v0.12.1 for improved CI/CD stability.
  • Configured dependency grouping strategy to streamline automated dependency updates.
  • Enhanced workflow permissions and integrated additional CI/CD notifications.

[github-actions]

PR checklist ✅

All required conditions are satisfied:

• Title length is OK (or ignored by label).
• At least one pr: label exists.
• Sections ### Goal, ### Implementation, and ### Testing are filled (or ignored for dependabot PRs).

🎉 Great job! This PR is ready for review.

[coderabbitai]

Walkthrough

This PR updates the stream-build-conventions-android dependency from version 0.11.0 to 0.12.1 across Gradle and GitHub Actions workflows. It adds Dependabot grouping for convention updates, adjusts workflow permissions, and wires a Slack webhook secret into the release workflow.

Changes

Stream Build Conventions Upstream Update

Layer / File(s)	Summary
Dependency Grouping .github/dependabot.yml	Adds groups.stream-conventions grouping for GitHub Actions pattern GetStream/stream-build-conventions-android and Gradle pattern io.getstream.* to batch related convention updates.
Version Declaration gradle/libs.versions.toml	streamConventions version bumped from 0.11.0 to 0.12.1, updating Gradle plugin versions across the build.
Workflow Version Updates .github/workflows/android.yml, .github/workflows/pr-clean-stale.yaml, .github/workflows/pr-quality.yml, .github/workflows/publish-new-version.yml	All reusable workflow references to GetStream/stream-build-conventions-android updated to @v0.12.1.
Workflow Permission & Secret Changes .github/workflows/pr-quality.yml, .github/workflows/publish-new-version.yml	pr-quality.yml removes issues: write permission; publish-new-version.yml adds slack-webhook-url input sourcing secrets.SLACK_WEBHOOK_ANDROID_CICD.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit hops through configs bright,
Where versions leap from old to new,
0.11 → 0.12.1 delight,
Slack notifications come on cue,
Dependencies grouped, workflows true! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: bumping Stream conventions version to v0.12.1, which is the primary focus of the pull request.
Description check	✅ Passed	The description includes all required template sections (Goal, Implementation, Testing, Checklist) with substantial and relevant details explaining the changes and their rationale.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bump/conventions/0.12.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/android.yml (1)

21-21: ⚡ Quick win

Prefer pinning reusable workflow refs to a commit SHA (not a mutable tag).

Using @v0.12.1 works, but tags can be moved. This PR updates multiple reusable workflow refs across .github/workflows/android.yml, .github/workflows/pr-clean-stale.yaml, .github/workflows/pr-quality.yml, and .github/workflows/publish-new-version.yml—all currently pinned to the same mutable tag. Pinning these to their corresponding immutable commit SHAs hardens CI supply-chain security with minimal effort.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/android.yml at line 21, The workflow currently pins the
reusable workflow ref using a mutable tag ("uses:
GetStream/stream-build-conventions-android/.github/workflows/android-ci.yml@v0.12.1");
update this to the corresponding immutable commit SHA for that reusable workflow
(replace the `@v0.12.1` suffix with the exact commit SHA) and apply the same
change to the other workflow files referenced (pr-clean-stale.yaml,
pr-quality.yml, publish-new-version.yml) so all "uses:
GetStream/stream-build-conventions-android/…@<tag>" entries are pinned to their
commit SHAs.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/android.yml:
- Line 21: The workflow currently pins the reusable workflow ref using a mutable
tag ("uses:
GetStream/stream-build-conventions-android/.github/workflows/android-ci.yml@v0.12.1");
update this to the corresponding immutable commit SHA for that reusable workflow
(replace the `@v0.12.1` suffix with the exact commit SHA) and apply the same
change to the other workflow files referenced (pr-clean-stale.yaml,
pr-quality.yml, publish-new-version.yml) so all "uses:
GetStream/stream-build-conventions-android/…@<tag>" entries are pinned to their
commit SHAs.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 8c522a51-7afc-4f6a-a386-19eab2bf20d0

📥 Commits

Reviewing files that changed from the base of the PR and between 862b494 and 65197f8.

📒 Files selected for processing (6)

• .github/dependabot.yml
• .github/workflows/android.yml
• .github/workflows/pr-clean-stale.yaml
• .github/workflows/pr-quality.yml
• .github/workflows/publish-new-version.yml
• gradle/libs.versions.toml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud