-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into update-dependencies
- Loading branch information
Showing
5 changed files
with
100 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# Enable dependabot, a tool to automatically propose dependency updates | ||
|
||
# Copyright the Linux Foundation and the CII Best Practices badge contributors | ||
# SPDX-License-Identifier: MIT | ||
|
||
# It's possible to enable dependabot via just GitHub project settings, | ||
# and we did that for a while. However, when a project does that, | ||
# it's harder for others (such as OpenSSF Scorecard) to realize or verify | ||
# that the project has dependabot enabled. Creating this dependabot.yml | ||
# file makes easier to *verify* that automatic dependency update proposals | ||
# are happening. This also gives finer-grained control. | ||
|
||
# For more information, see: | ||
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates | ||
|
||
version: 2 | ||
updates: | ||
# Keep our GitHub actions up to date. | ||
- package-ecosystem: "github-actions" | ||
target-branch: "main" | ||
directory: "/" | ||
schedule: | ||
interval: "weekly" | ||
labels: | ||
- "github" | ||
- "dependencies" | ||
pull-request-branch-name: | ||
# Separate sections of the branch name with a hyphen | ||
# for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1` | ||
separator: "-" | ||
reviewers: | ||
- "@raito-io/back-end" | ||
groups: | ||
combined: | ||
# Define patterns to include dependencies in the group (based on dependency name) | ||
patterns: | ||
- "*" | ||
# Maintain dependencies for npm | ||
- package-ecosystem: "gomod" | ||
target-branch: "main" | ||
directory: "/" | ||
schedule: | ||
interval: "weekly" | ||
labels: | ||
- "gomod" | ||
- "dependencies" | ||
pull-request-branch-name: | ||
# Separate sections of the branch name with a hyphen | ||
# for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1` | ||
separator: "-" | ||
reviewers: | ||
- "@raito-io/back-end" | ||
groups: | ||
combined: | ||
# Define patterns to include dependencies in the group (based on dependency name) | ||
patterns: | ||
- "*" | ||
# Maintain dependencies for terraform | ||
- package-ecosystem: "terraform" | ||
target-branch: "main" | ||
directory: "/.infra" | ||
schedule: | ||
interval: "weekly" | ||
labels: | ||
- "terraform" | ||
- "dependencies" | ||
pull-request-branch-name: | ||
# Separate sections of the branch name with a hyphen | ||
# for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1` | ||
separator: "-" | ||
reviewers: | ||
- "@raito-io/back-end" | ||
groups: | ||
combined: | ||
# Define patterns to include dependencies in the group (based on dependency name) | ||
patterns: | ||
- "*" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters