-
-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configured dependabot to update packages #294 #295
Conversation
Added end of line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After reviewing the documentation and the code in this PR, I believe it shall work as intended to help us keep dependencies up to date automatically.
We can always make minor changes to this if there becomes a problem.
Approving for merge.
@gbowne1 - can you add all the labels to this PR? |
Not really necessary, but ok, I can. Anyone can add labels, iirc. |
I'm not able to add the labels I think. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
This should help us keep this updated without having to do a lot of extra manual work. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work! Approving changes.
Summary
Configured dependabot to update the packages by weekly in client, server and e2e packages. Max of 2 PRs will be created in client/server and 1 will be created e2e if there is any new updates available.
Now, I have a configured a bare minimum dependabot setup to update the packages. We can later add or update the configuration in the dependabot.yml file.
Here is the config options for dependabot: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-the-dependabotyml-file
Note
As of now, we there is no option to using glob patterns or providing multiple path to the dependabot to pick the package.json in the nested folders. So for now, we have to duplicate the update config for each package folders.
Dependabot issue can be found here: dependabot/dependabot-core#2178 dependabot/dependabot-core#3951