Skip to content

Add dependabot configuration file#797

Merged
GaryJones merged 1 commit intodevelopfrom
feature/enable-and-configure-dependabot
Sep 14, 2023
Merged

Add dependabot configuration file#797
GaryJones merged 1 commit intodevelopfrom
feature/enable-and-configure-dependabot

Conversation

@jrfnl
Copy link
Copy Markdown
Collaborator

@jrfnl jrfnl commented Sep 12, 2023

This commit adds an initial Dependabot configuration to:

  • Submit pull requests for security updates and version updates for GH Action runner dependencies.

At a later point in time, we could consider enabling it for Composer dependencies as well.

The configuration has been set up to:

  • Run weekly (for now).
  • Submit a maximum of 5 pull requests at a time. If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
  • The commit messages for PRs submitted by Dependabot will be prefixed according the unofficial conventions used in this repo up to now.
  • The PRs will automatically be labelled with an appropriate label as already in use in this repo.

Refs:

@jrfnl jrfnl added this to the 3.x milestone Sep 12, 2023
@jrfnl jrfnl requested a review from a team as a code owner September 12, 2023 16:06
GaryJones
GaryJones requested changes Sep 13, 2023
View reviewed changes
Comment thread .github/dependabot.yml Outdated
Comment thread .github/dependabot.yml
@jrfnl
Add dependabot configuration file
263d13c 
This commit adds an initial Dependabot configuration to:
* Submit pull requests for security updates and version updates for GH Action runner dependencies.

At a later point in time, we could consider enabling it for Composer dependencies as well.

The configuration has been set up to:
* Run weekly (for now).
* The commit messages for PRs submitted by Dependabot will be prefixed according the unofficial conventions used in this repo up to now.
* The PRs will automatically be labelled with an appropriate label as already in use in this repo.

Refs:
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy
@jrfnl jrfnl force-pushed the feature/enable-and-configure-dependabot branch from c7a63ac to 263d13c Compare September 13, 2023 12:25
GaryJones
GaryJones approved these changes Sep 14, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@GaryJones GaryJones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@GaryJones GaryJones merged commit eb2d837 into develop Sep 14, 2023
@GaryJones GaryJones deleted the feature/enable-and-configure-dependabot branch September 14, 2023 06:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GaryJones GaryJones GaryJones approved these changes

Assignees

No one assigned

Labels

Type: Maintenance

Projects

None yet

Milestone

3.0.1

Development

Successfully merging this pull request may close these issues.

2 participants

@jrfnl @GaryJones