|
1 | 1 | version: 2 |
2 | 2 | updates: |
3 | | - - package-ecosystem: composer |
4 | | - directory: "/" |
| 3 | +# |
| 4 | +# |
| 5 | +# [GHAction] |
| 6 | +# Based on https://github.com/yoanm/shared-config/blob/master/GitHub/dependabot/github-action.yml file |
| 7 | +# |
| 8 | + - package-ecosystem: github-actions |
| 9 | + directory: / |
5 | 10 | schedule: |
6 | | - interval: monthly |
7 | | - open-pull-requests-limit: 10 |
| 11 | + interval: weekly |
| 12 | + day: sunday # Create PRs during week-ends, they will be ready on monday morning |
| 13 | + commit-message: |
| 14 | + prefix: '[dependabot][ghaction] - ' # No need to specify prod/dev for GHAction as there is only "production" updates ! |
| 15 | + include: scope |
| 16 | + groups: |
| 17 | +# Group all basic updates inside the a single PR |
| 18 | +# No need to split prod/dev as there is only prod updates |
| 19 | + all-actions: |
| 20 | + applies-to: version-updates |
| 21 | + patterns: ['*'] |
| 22 | +# Group all security updates inside the a single PR |
| 23 | +# No need to split prod/dev as there is only prod updates |
| 24 | +# +Most likely no need to split major and other updates either |
| 25 | + SECURITY-all: |
| 26 | + applies-to: security-updates |
| 27 | + patterns: ['*'] |
| 28 | +# |
| 29 | +# |
| 30 | +# [Composer] |
| 31 | +# Based on https://github.com/yoanm/shared-config/blob/master/GitHub/dependabot/composer.yml file |
| 32 | +# |
| 33 | + - package-ecosystem: composer |
| 34 | + directory: / |
| 35 | + schedule: # Create PRs during week-ends, they will be ready on monday morning |
| 36 | + interval: weekly |
| 37 | + day: sunday |
| 38 | + versioning-strategy: widen |
| 39 | + commit-message: |
| 40 | + prefix: '[dependabot][prod][composer] - ' |
| 41 | + prefix-development: '[dependabot][dev][composer] - ' |
| 42 | + include: scope |
| 43 | + groups: |
| 44 | +# Split basic updates by: |
| 45 | +# - prod vs dev |
| 46 | +# - major vs others (assuming packages properly follow semver !) |
| 47 | + prod-majors: |
| 48 | + applies-to: version-updates |
| 49 | + dependency-type: production |
| 50 | + update-types: ['major'] |
| 51 | + patterns: ['*'] |
| 52 | + prod-others: |
| 53 | + applies-to: version-updates |
| 54 | + dependency-type: production |
| 55 | + patterns: ['*'] |
| 56 | + dev-majors: |
| 57 | + applies-to: version-updates |
| 58 | + dependency-type: development |
| 59 | + update-types: ['major'] |
| 60 | + patterns: ['*'] |
| 61 | + dev-others: |
| 62 | + applies-to: version-updates |
| 63 | + dependency-type: development |
| 64 | + patterns: ['*'] |
| 65 | +# Split security updates by: |
| 66 | +# - prod vs dev |
| 67 | +# @TODO - Uncomment the following group (and keep comment header below for explanation !) in case repository is for a library, else remove it ! |
| 68 | +# - Major prod updates vs other prod updates |
| 69 | +# SECURITY-prod-major: |
| 70 | +# applies-to: security-updates |
| 71 | +# dependency-type: production |
| 72 | +# update-types: ['major'] |
| 73 | +# patterns: ['*'] |
| 74 | + SECURITY-prod: |
| 75 | + applies-to: security-updates |
| 76 | + dependency-type: production |
| 77 | + patterns: ['*'] |
| 78 | + SECURITY-dev: |
| 79 | + applies-to: security-updates |
| 80 | + dependency-type: development |
| 81 | + patterns: ['*'] |
0 commit comments