KCLpy AWS credentials role change and dependabot auto-merge fix

.github/dependabot.yml

@@ -2,12 +2,11 @@ version: 2
 updates:
   - package-ecosystem: "pip"
     directory: "/"
-    open-pull-requests-limit: 2
     schedule: 
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "maven"
     directory: "/"
-    open-pull-requests-limit: 2
+    open-pull-requests-limit: 4
     schedule:
       interval: "daily"

.github/workflows/privileged-run.yml

@@ -5,13 +5,17 @@
 
 name: Sample Run and Dependabot Auto-merge
 on:
+  push:
+    branches: [ master ]
   pull_request_target:
     branches: [ master ]
   workflow_dispatch:
 
 permissions:
   id-token: write
   contents: write
+  pull-requests: write
+  statuses: write
 
 jobs:
   sample-run:
@@ -24,20 +28,22 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ "3.8", "3.9", "3.10", "3.11" ]
+        python-version: [ "3.9", "3.10", "3.11" ]
         jdk-version: [ "8", "11", "17", "21", "24" ]
         os: [ ubuntu-latest, macOS-latest, windows-latest ]
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: us-east-1
-          role-to-assume: arn:aws:iam::751999266872:role/GitHubWorkflows
-          role-session-name: myGitHubActions
+          role-to-assume: arn:aws:iam::751999266872:role/GitHubPython
+          role-session-name: myGitHubActionsPython
 
       - name: Set up JDK ${{ matrix.jdk-version }}
         uses: actions/setup-java@v4
@@ -66,6 +72,8 @@ jobs:
           python -m build
           python setup.py download_jars
           python setup.py install
+        env:
+          KCL_MVN_REPO_SEARCH_URL: https://repo1.maven.org/maven2/
 
       - name: Put words to sample stream
         run: |
@@ -85,17 +93,25 @@ jobs:
   auto-merge-dependabot:
     needs: [sample-run]
     runs-on: ubuntu-latest
-    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
       - name: Fetch Dependabot metadata
         id: metadata
         uses: dependabot/fetch-metadata@v2
         with:
           alert-lookup: true
           github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Enable auto-merge for Dependabot PRs
+
+      - name: Approve PR
         if: steps.metadata.outputs.update-type != 'version-update:semver-major'
-        run: gh pr merge --auto --merge "$PR_URL"
+        run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+#      - name: Enable auto-merge for Dependabot PRs
+#        if: steps.metadata.outputs.update-type != 'version-update:semver-major'
+#        run: gh pr merge --auto --merge "$PR_URL"
+#        env:
+#          PR_URL: ${{github.event.pull_request.html_url}}
+#          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

setup.py

@@ -114,8 +114,9 @@ def package_url(self, group_id, artifact_id, version):
         #
         # Sample url:
         # https://search.maven.org/remotecontent?filepath=org/apache/httpcomponents/httpclient/4.2/httpclient-4.2.jar
+        # https://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.2/httpclient-4.2.jar
         #
-        prefix = os.getenv("KCL_MVN_REPO_SEARCH_URL", 'https://search.maven.org/remotecontent?filepath=')
+        prefix = os.getenv("KCL_MVN_REPO_SEARCH_URL", 'https://repo1.maven.org/maven2/')
         return '{prefix}{path}/{artifact_id}/{version}/{dest}'.format(
                                         prefix=prefix,
                                         path='/'.join(group_id.split('.')),