Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Dependabot config #234

Merged
merged 2 commits into from
Nov 22, 2023
Merged

Update Dependabot config #234

merged 2 commits into from
Nov 22, 2023

Conversation

edmorley
Copy link
Contributor

Dependabot updates for GitHub Actions are now enabled, for parity with the other repos.

In addition, Go minor/patch dependencies will now be grouped, using the new Dependabot grouping feature:
https://github.blog/changelog/2023-08-17-grouped-version-updates-by-semantic-version-level-for-dependabot/

Major updates, as well as security updates will still be opened as separate PRs. I've not grouped GitHub Actions update PRs, since the volume is typically much lower for those.

Lastly, the schedule has been changed from daily to weekly.

This reduces project maintenance toil (no more having to manually create combined update PRs), plus makes it less painful for contributors to subscribe to repository notifications (currently there is a lot of noise from Dependabot PRs being opened/auto-rebased etc).

@edmorley
Update Dependabot config
6ab5b4f 
Dependabot updates for GitHub Actions are now enabled, for parity
with the other repos.

In addition, Go minor/patch dependencies will now be grouped, using
the new Dependabot grouping feature:
https://github.blog/changelog/2023-08-17-grouped-version-updates-by-semantic-version-level-for-dependabot/

Major updates, as well as security updates will still be opened as
separate PRs. I've not grouped GitHub Actions update PRs, since the
volume is typically much lower for those.

Lastly, the schedule has been changed from daily to weekly.

This reduces project maintenance toil (no more having to manually create
combined update PRs), plus makes it less painful for contributors to
subscribe to repository notifications (currently there is a lot of noise
from Dependabot PRs being opened/auto-rebased etc).

Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
@edmorley edmorley requested review from a team as code owners October 27, 2023 10:06
@edmorley edmorley mentioned this pull request Oct 27, 2023
Merged
@edmorley
Copy link
Contributor Author

edmorley commented Nov 9, 2023

Gentle nudge for review/merge :-)

@jjbustamante jjbustamante added type:enhancement A general enhancement semver:patch A change requiring a patch version bump labels Nov 22, 2023
@jjbustamante jjbustamante merged commit f0ed5cb into buildpacks:main Nov 22, 2023
5 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jjbustamante jjbustamante jjbustamante approved these changes

Assignees
No one assigned
Labels
semver:patch A change requiring a patch version bump type:enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@edmorley @jjbustamante