Creates and updates your Dependabot configuration file, dependabot.yml
.
Hinge automatically creates and updates a repository's dependabot.yml
file, by recursively walking through the repository, identifying all supported Dependabot platform ecosystems, noting their paths relative to the repository root, and finally producing a YAML-compliant configuration in /.github/dependabot.yml
.
Dependabot is GitHub's flagship product for Supply Chain Security. Dependabot takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on.
You can use Homebrew to install hinge
using the following:
brew tap devops-kung-fu/homebrew-tap
brew install devops-kung-fu/homebrew-tap/hinge
To install hinge
, download the latest release [deb or rpm](https://github.com/devops-kung-fu/hinge/releases and install.
# Debian Example
dpkg -i hinge_1.0.1_linux_amd64.deb
### With a Go Development Environment
If you have a Go development environment set up, you can also simply do this:
``` bash
go install github.com/devops-kung-fu/hinge@latest
Hinge
DKFM - DevOps Kung Fu Mafia
https://github.com/devops-kung-fu/hinge
Version: 1.0.0
Creates or updates your Dependabot config.
Usage:
hinge [flags] path/to/repo
Examples:
hinge path/to/repo
Flags:
-d, --day string Specify a day to check for updates when using a weekly interval. (default "monday")
--debug Displays debug level log messages.
-h, --help help for hinge
-i, --interval string How often to check for new versions. (default "daily")
-t, --time string Specify a time of day to check for updates using 24 hour format (format: hh:mm). (default "05:00")
-z, --timezone string Specify a time zone. Valid timezones are available at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. (default "US/Pacific")
-v, --verbose Displays command line output. (default true)
--version version for hinge
Once hinge
is installed, you can run this command in the root of your git repository:
hinge .
NOTE: The provided path must be a git repository.
Flag | Notes |
---|---|
-d, --day | Must be a valid day of the week. (monday, tuesday, wednesday, thursday, friday, saturday, sunday). Defaults to monday if using a weekly interval. |
-i, --interval | Must be one of the following: daily, weekly, monthly. Defaults to daily. |
-z, --timezone | Must be a timezone listed at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. Defaults to "US/Pacific if not explicitly defined. |
In order to use contribute and participate in the development of hinge
you'll need to have an updated Go environment. Before you start, please view the Contributing and Code of Conduct files in this repository.
This project makes use of DKFM tools such as Hookz and other open source tooling. Install these tools with the following commands:
go install github.com/devops-kung-fu/hookz@latest
go install github.com/kisielk/errcheck@latest
go install golang.org/x/lint/golint@latest
go install github.com/fzipp/gocyclo@latest
hinge
uses the CycloneDX to generate a Software Bill of Materials in CycloneDX format (v1.4) every time a developer commits code to this repository (as long as Hookz is being used and has been initialized in the working directory). More information for CycloneDX is available here
The current SBoM for hinge
is available here.
A big thank-you to our friends at Freepik for the hinge
logo.