Skip to content

Add dependency groups to Dependabot configuration #525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 28, 2023
Merged

Add dependency groups to Dependabot configuration #525

merged 2 commits into from
Aug 28, 2023

Conversation

@jtrobles-cdd
Copy link
Member

@jtrobles-cdd jtrobles-cdd commented Aug 28, 2023

Dependabot grouped updates are currently in beta and is subject to change.

By default, Dependabot raises a single pull request for each dependency
that needs to be updated to a newer version. You can use groups to
create sets of dependencies (per package manager), so that Dependabot
opens a single pull request to update multiple dependencies at the
same time.

  • Add group for development dependencies to Python dependencies.
  • Add group for production dependencies to GitHub Actions dependencies.

Related documentation: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups

@jtrobles-cdd
chore: Exclude bumpversion from Dependabot updates
b123f1b 
We will not update `bumpversion` with Dependabot until we have examined
the changes in the new version and determined that it is safe to update.
@jtrobles-cdd
chore: Add dependency groups to Dependabot configuration
7f0f42d 
> Dependabot grouped updates are currently in beta and is subject to change.
>
> By default, Dependabot raises a single pull request for each dependency
> that needs to be updated to a newer version. You can use `groups` to
> create sets of dependencies (per package manager), so that Dependabot
> opens a single pull request to update multiple dependencies at the
> same time.

- Add group for development dependencies to Python dependencies.
- Add group for production dependencies to GitHub Actions dependencies.

Related documentation:
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
@jtrobles-cdd jtrobles-cdd added the task Task or chore label Aug 28, 2023
@jtrobles-cdd jtrobles-cdd self-assigned this Aug 28, 2023
@jtrobles-cdd jtrobles-cdd requested a review from a team as a code owner August 28, 2023 22:27
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 28, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@jtrobles-cdd jtrobles-cdd merged commit 2dc1f59 into develop Aug 28, 2023
@jtrobles-cdd jtrobles-cdd deleted the task/add-dependabot-dep-groups branch August 28, 2023 22:41
@svillegas-cdd svillegas-cdd mentioned this pull request Sep 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jtrobles-cdd jtrobles-cdd

Labels

task Task or chore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jtrobles-cdd