diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6ada163..414026e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,16 +1,51 @@ version: 2 updates: - - package-ecosystem: "nuget" - directory: "/" + # https://devblogs.microsoft.com/dotnet/using-dependabot-to-manage-dotnet-sdk-updates/ + - package-ecosystem: "dotnet-sdk" + directory: / + schedule: + interval: "weekly" + day: "tuesday" + open-pull-requests-limit: 1 + + # NuGet package updates + - package-ecosystem: nuget + directory: / schedule: interval: "weekly" day: "sunday" open-pull-requests-limit: 3 rebase-strategy: disabled - - package-ecosystem: "github-actions" - directory: "/" + groups: + microsoft-sbom: + patterns: ['Microsoft.Sbom.Targets'] + Microsoft.NET.Test.Sdk: + patterns: ['Microsoft.NET.Test.Sdk'] + coverlet.collector: + patterns: ['coverlet.collector'] + testcontainers: + patterns: ['Testcontainers*'] + microsoft: + patterns: [Microsoft.*, System.*] + xunit: + patterns: [xunit.*] + # Grouping for Testcontainers + kafka: + patterns: ['Confluent.Kafka'] + RabbitMQ.Client: + patterns: ['RabbitMQ.Client'] + RestAssured.Net: + patterns: ['RestAssured.Net'] + all-dependencies: + patterns: ['*'] + +# Github Actions updates + - package-ecosystem: github-actions + directory: / schedule: interval: "weekly" day: "sunday" open-pull-requests-limit: 3 rebase-strategy: disabled + + \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8a9f3d0..8db7062 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: id-token: write steps: - name: Checkout Code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: ssh-key: ${{ secrets.RELEASE_DEPLOY_KEY }} lfs: true