From 43f6936bcd38d61e0c082ff8a3634ee069ae150d Mon Sep 17 00:00:00 2001 From: Luke Heath Date: Wed, 11 Oct 2023 12:56:23 -0500 Subject: [PATCH] Add dependabot configuration (#14447) --- .github/dependabot.yml | 93 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 89 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 67d3c77a8c..bfdb88bf98 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,90 @@ +# Basic set up for Actions and Docker. Security updates enabled via GitHub settings for other ecosystems. + version: 2 -# updates intentionally left empty, as we were seeing too much volume of PRs, and breakages -# introduced by dependency version updates. Dependabot will continue to open security-related PRs, -# but non-security dependency updates must be done manually. -updates: [] +updates: + +# Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + pull-request-branch-name: + # Default is "/" which makes "docker tag" fail with + # "not a valid repository/tag: invalid reference format". + separator: "-" + # Add assignees + assignees: + - "lukeheath" + +# Maintain dependencies for Dockerfiles + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "daily" + reviewers: + - "fleetdm/go" + - "fleetdm/infra" + pull-request-branch-name: + # Default is "/" which makes "docker tag" fail with + # "not a valid repository/tag: invalid reference format". + separator: "-" + # Add assignees + assignees: + - "fleetdm/go" + - "fleetdm/infra" + +# Maintain dependencies for website NPM + - package-ecosystem: "npm" + directory: "/website" + labels: + - "website" + schedule: + interval: "daily" + # Disable version updates + open-pull-requests-limit: 0 + allow: + - dependency-type: "production" + reviewers: + - "eashaw" + pull-request-branch-name: + # Default is "/" which makes "docker tag" fail with + # "not a valid repository/tag: invalid reference format". + separator: "-" + assignees: + - "eashaw" + +# Maintain dependencies for Go + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "daily" + # Disable version updates + open-pull-requests-limit: 0 + reviewers: + - lucasmrod + pull-request-branch-name: + # Default is "/" which makes "docker tag" fail with + # "not a valid repository/tag: invalid reference format". + separator: "-" + # Add assignees + assignees: + - lucasmrod + +# Maintain dependencies for npm + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Disable version updates + open-pull-requests-limit: 0 + reviewers: + - lukeheath + allow: + - dependency-type: "production" + pull-request-branch-name: + # Default is "/" which makes "docker tag" fail with + # "not a valid repository/tag: invalid reference format". + separator: "-" + # Add assignees + assignees: + - lukeheath \ No newline at end of file