@jrfnl jrfnl commented Sep 12, 2023

This commit adds an initial Dependabot configuration to:

  • Submit pull requests for security updates and version updates for GH Action runner dependencies.

At a later point in time, we could consider enabling it for Composer dependencies as well.

The configuration has been set up to:

  • Run weekly (for now).
  • Submit a maximum of 5 pull requests at a time. If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
  • The commit messages for PRs submitted by Dependabot will be prefixed according to the unofficial conventions used in this repo up to now.
  • The PRs will automatically be labelled with an appropriate label as already in use in this repo.

Refs:

* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy
@jrfnl jrfnl added this to the 1.3.x Next milestone Sep 12, 2023
@jrfnl jrfnl requested a review from grogy September 12, 2023 21:14
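
For reference, a `.github/dependabot.yml` matching the settings listed in the PR description could look like the following. This is an added example, not the file from this PR; the commit-message prefix and label values are placeholders, since the page does not show the ones the repository uses.

```yaml
# Added example, not the file merged in this PR.
# Dependabot reads this file from .github/dependabot.yml on the default branch.
version: 2
updates:
  # GitHub Actions dependencies (the actions referenced in workflow files).
  - package-ecosystem: "github-actions"
    # For this ecosystem, "/" makes Dependabot scan .github/workflows.
    directory: "/"
    schedule:
      # "Run weekly (for now)".
      interval: "weekly"
    # "Submit a maximum of 5 pull requests at a time"; further PRs are
    # opened on a later run once open ones have been merged or closed.
    open-pull-requests-limit: 5
    commit-message:
      # Placeholder: the repository's own prefix convention is not shown on the page.
      prefix: "PLACEHOLDER-PREFIX:"
    labels:
      # Placeholder: must name a label that already exists in the repository.
      - "PLACEHOLDER-LABEL"
```

Enabling Composer updates later, as the description suggests, would mean adding a second entry under `updates` with `package-ecosystem: "composer"`.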

@grogy grogy left a comment

Perfect, the settings for the commit message make sense. Thank you.

@grogy grogy merged commit f1912ed into master Sep 23, 2023
@grogy grogy deleted the feature/add-dependabot-config-for-ghactions branch September 23, 2023 14:00

grogy commented Sep 23, 2023

Please, can you confirm the settings for the repository?

[image]


jrfnl commented Sep 23, 2023

@grogy The merge of this PR will automatically have enabled the bottom button as well ;-)


grogy commented Sep 23, 2023

I am not sure that was correct. I will check it in other packages, thank you :)
