ci(dependabot): fix incorrect syntax in dependabot config
1 parent
df61c2e
commit 1ac21b1
Showing
1 changed file
with
23 additions
and
57 deletions.
@@ -1,81 +1,47 @@ | ||
--- | ||
# This dependabot.yml configuration takes precedence over the GitHub UI settings. | ||
# It defines how Dependabot will manage version and security updates for dependencies. | ||
# - Version updates (pip & GitHub Actions) are scheduled monthly and include only minor updates, excluding patch versions. | ||
# - Security updates (pip & GitHub Actions) are checked daily and grouped by critical or high-severity vulnerabilities. | ||
# - The configuration also specifies custom commit messages, reviewers, and labels to manage PRs effectively. | ||
# This Dependabot configuration enables automatic updates for pip and GitHub Actions. | ||
# This config file present in repo on path '.github/dependabot.yml' takes precedence over the GitHub UI settings. | ||
|
||
# After adding this config to a new repository, make sure to also: | ||
# 1. Enable "Dependabot alerts" in the repository settings under | ||
# Settings > Security & Analysis > Code security > Dependabot alerts | ||
# (unless it is already set at the organization level). | ||
# 2. Enable "Dependabot security updates" to automatically create PRs for vulnerable dependencies | ||
# (unless it is already set at the organization level). | ||
# 3. Optionally, configure Dependabot rules in the Code security settings for additional alert management | ||
|
||
version: 2 | ||
|
||
updates: | ||
# PIP Version updates | ||
- package-ecosystem: pip | ||
versioning-strategy: increase-if-necessary | ||
directory: '/' | ||
schedule: {interval: monthly, time: '09:00'} # First day of the month, time UTC | ||
groups: | ||
pip-version-updates: | ||
applies-to: version-updates | ||
update-types: [minor] # Group only minor version updates (for major create separate PR, ignore patch) | ||
ignore: | ||
- dependency-name: '*' | ||
update-types: ['version-update:semver-patch'] # Do not update patch versions | ||
commit-message: {prefix: 'ci(deps-pip): [skip ci]'} | ||
reviewers: ['tomassebestik'] | ||
labels: ['dependencies', 'Status: Reviewing'] | ||
pull-request-branch-name: {separator: '-'} | ||
insecure-external-code-execution: deny | ||
|
||
# PIP Security updates | ||
- package-ecosystem: pip | ||
versioning-strategy: increase-if-necessary | ||
directory: '/' | ||
schedule: {interval: daily, time: '09:00'} | ||
open-pull-requests-limit: 0 # Only security updates | ||
schedule: {interval: weekly, day: monday, time: '05:00', timezone: Europe/Prague} | ||
groups: | ||
pip-security-updates: | ||
applies-to: security-updates | ||
update-types: [minor, patch] # Group minor and patch security updates (for major create separate PR) | ||
commit-message: {prefix: 'ci(deps-pip): [skip ci]'} | ||
reviewers: ['tomassebestik'] | ||
labels: ['dependencies', 'Status: Reviewing'] | ||
pull-request-branch-name: {separator: '-'} | ||
extend-update-types: | ||
- name: 'security' | ||
security-severities: ['CRITICAL', 'HIGH'] # Only high severity level security updates | ||
insecure-external-code-execution: deny | ||
|
||
# GitHub Actions Version updates | ||
- package-ecosystem: github-actions | ||
directory: '/' | ||
versioning-strategy: increase-if-necessary | ||
schedule: {interval: monthly, time: '09:00'} # First day of the month, time UTC | ||
groups: | ||
github-actions-version-updates: | ||
update-types: [minor, patch] | ||
pip-version-updates: | ||
applies-to: version-updates | ||
update-types: [minor] # Group only minor version updates (for major create separate PR, ignore patch) | ||
ignore: | ||
- dependency-name: '*' | ||
update-types: ['version-update:semver-patch'] # Do not update patch versions | ||
commit-message: {prefix: 'ci(deps-ci): [skip ci]'} | ||
update-types: [minor, patch] | ||
commit-message: {prefix: 'ci(dependabot-pip): [skip ci]'} | ||
reviewers: ['tomassebestik'] | ||
labels: ['dependencies', 'Status: Reviewing'] | ||
pull-request-branch-name: {separator: '-'} | ||
open-pull-requests-limit: 2 | ||
|
||
# GitHub Actions Security updates | ||
- package-ecosystem: github-actions | ||
directory: '/' | ||
versioning-strategy: increase-if-necessary | ||
schedule: {interval: daily, time: '09:00'} | ||
open-pull-requests-limit: 0 # Only security updates | ||
schedule: {interval: weekly, day: monday, time: '05:00', timezone: Europe/Prague} | ||
groups: | ||
github-actions-security-updates: | ||
applies-to: security-updates | ||
update-types: [minor, patch] # Group minor and patch security updates (for major create separate PR) | ||
commit-message: {prefix: 'ci(deps-ci): [skip ci]'} | ||
update-types: [minor, patch] | ||
github-actions-version-updates: | ||
applies-to: version-updates | ||
update-types: [minor, patch] | ||
commit-message: {prefix: 'ci(dependabot-ci): [skip ci]'} | ||
reviewers: ['tomassebestik'] | ||
labels: ['dependencies', 'Status: Reviewing'] | ||
pull-request-branch-name: {separator: '-'} | ||
extend-update-types: | ||
- name: 'security' | ||
security-severities: ['CRITICAL', 'HIGH'] # Only high severity level security updates | ||
open-pull-requests-limit: 2 |
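Review bot: The `[skip ci]` token in the `commit-message` prefixes (the `ci(dependabot-pip)` and `ci(dependabot-ci)` lines, which appear to be on the new side) makes GitHub Actions skip push and pull_request workflows for those commits, so Dependabot's bumps would open PRs that the repository's CI never exercises before review or merge. If the goal is to avoid duplicate runs, keep the prefix but drop the token, e.g. `commit-message: {prefix: 'ci(dependabot-pip)'}`, and have the workflow branch on `github.actor == 'dependabot[bot]'` instead. The rendered page lost the add/remove markers, but `insecure-external-code-execution: deny` seems to appear only in the removed pip entries; if it no longer survives on the new side, it is worth keeping (or explaining in the header comment why it was dropped), since it is the option that denies code execution from manifest files during pip updates. `versioning-strategy` is documented for a handful of package managers and not for the `github-actions` ecosystem, so if that line is still present under the github-actions entry, confirm it is accepted rather than silently ignored.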