Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependabot configuration file #797

Merged
merged 1 commit into from
Sep 14, 2023
Merged

Add dependabot configuration file #797

merged 1 commit into from
Sep 14, 2023

Conversation

jrfnl
Copy link
Collaborator

@jrfnl jrfnl commented Sep 12, 2023

This commit adds an initial Dependabot configuration to:

  • Submit pull requests for security updates and version updates for GH Action runner dependencies.

At a later point in time, we could consider enabling it for Composer dependencies as well.

The configuration has been set up to:

  • Run weekly (for now).
  • Submit a maximum of 5 pull requests at a time. If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
  • The commit messages for PRs submitted by Dependabot will be prefixed according the unofficial conventions used in this repo up to now.
  • The PRs will automatically be labelled with an appropriate label as already in use in this repo.

Refs:

@jrfnl jrfnl added this to the 3.x milestone Sep 12, 2023
@jrfnl jrfnl requested a review from a team as a code owner September 12, 2023 16:06
GaryJones
GaryJones requested changes Sep 13, 2023
View reviewed changes
.github/dependabot.yml Outdated Show resolved Hide resolved
.github/dependabot.yml Show resolved Hide resolved
@jrfnl
Add dependabot configuration file
263d13c 
This commit adds an initial Dependabot configuration to:
* Submit pull requests for security updates and version updates for GH Action runner dependencies.

At a later point in time, we could consider enabling it for Composer dependencies as well.

The configuration has been set up to:
* Run weekly (for now).
* The commit messages for PRs submitted by Dependabot will be prefixed according the unofficial conventions used in this repo up to now.
* The PRs will automatically be labelled with an appropriate label as already in use in this repo.

Refs:
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy
@jrfnl jrfnl force-pushed the feature/enable-and-configure-dependabot branch from c7a63ac to 263d13c Compare September 13, 2023 12:25
GaryJones
GaryJones approved these changes Sep 14, 2023
View reviewed changes
Copy link
Contributor

@GaryJones GaryJones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@GaryJones GaryJones merged commit eb2d837 into develop Sep 14, 2023
39 checks passed
@GaryJones GaryJones deleted the feature/enable-and-configure-dependabot branch September 14, 2023 06:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GaryJones GaryJones GaryJones approved these changes

Assignees
No one assigned
Labels
Type: Maintenance
Projects
None yet
Milestone
3.0.1
Development

Successfully merging this pull request may close these issues.
2 participants
@jrfnl @GaryJones