-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathdependabot.yml
More file actions
80 lines (76 loc) · 2.03 KB
/
dependabot.yml
File metadata and controls
80 lines (76 loc) · 2.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# Dependabot configuration for socket-python-cli.
#
# Design notes:
# - Python deps are grouped into ONE weekly PR (minor/patch) and a separate
# PR for major bumps. Drastically reduces PR clutter compared to the
# default behavior of one PR per package.
# - GitHub Actions are grouped similarly into one weekly PR.
# - Docker (the project Dockerfile) is tracked separately.
# - The e2e test fixtures under `tests/e2e/fixtures/` are INTENTIONALLY
# omitted: those manifests exist to exercise Socket scanning and should
# be chosen for the supply-chain signal they expose, not auto-bumped.
# - 7-day cooldown across all ecosystems gives upstream maintainers time
# to pull bad releases before we receive a PR.
version: 2
updates:
# Main app Python deps (uv-tracked)
- package-ecosystem: "uv"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 2
groups:
python-minor-patch:
patterns:
- "*"
update-types:
- "minor"
- "patch"
python-major:
patterns:
- "*"
update-types:
- "major"
labels:
- "dependencies"
- "python:uv"
commit-message:
prefix: "chore"
include: "scope"
cooldown:
default-days: 7
# GitHub Actions used in workflows
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 2
groups:
github-actions-minor-patch:
patterns:
- "*"
update-types:
- "minor"
- "patch"
labels:
- "dependencies"
- "github-actions"
commit-message:
prefix: "ci"
include: "scope"
cooldown:
default-days: 7
# Project Dockerfile base images and pinned binaries
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 2
labels:
- "dependencies"
- "docker"
commit-message:
prefix: "chore"
include: "scope"
cooldown:
default-days: 7