Add dependabot configuration file #130

Merged: jrfnl merged 1 commit into develop from JRF/enable-and-configure-dependabot on Aug 5, 2022

@jrfnl jrfnl commented Aug 5, 2022

Context

  • CI maintenance

Summary

This PR can be summarized in the following changelog entry:

  • CI maintenance

Relevant technical choices:

This commit adds an initial Dependabot configuration to:

  • Submit pull requests for security updates and version updates for GH Action runner dependencies.

At a later point in time, we could consider enabling it for Composer/NPM dependencies as well.

The configuration has been set up to:

  • Run weekly (for now).
  • Submit a maximum of 5 pull requests at a time.
    If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
  • The commit messages for PRs submitted by Dependabot will be prefixed according to the unofficial conventions used in this repo up to now.
  • The PRs will automatically be labelled with an appropriate label as already in use in this repo.

Refs:

Test instructions

Test instructions for the acceptance test before the PR gets merged

This PR can be acceptance tested by following these steps:

  • N/A

This commit adds an initial Dependabot configuration to:
* Submit pull requests for security updates and version updates for GH Action runner dependencies.

At a later point in time, we could consider enabling it for Composer dependencies as well.

The configuration has been set up to:
* Run weekly (for now).
* Submit a maximum of 5 pull requests at a time.
    If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
* The commit messages for PRs submitted by Dependabot will be prefixed according to the unofficial conventions used in this repo up to now.
* The PRs will automatically be labelled with an appropriate label as already in use in this repo.

Refs:
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy
@jrfnl jrfnl added this to the Next release milestone Aug 5, 2022
@jrfnl jrfnl merged commit 6adf77c into develop Aug 5, 2022
@jrfnl jrfnl deleted the JRF/enable-and-configure-dependabot branch August 5, 2022 10:45
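
A `.github/dependabot.yml` expressing the settings described in this PR, as an added example that is not the file merged here. The commit-message prefix and the label are placeholders, since the page does not state the values used in this repo.

```yaml
# .github/dependabot.yml (illustrative example; not the file from this PR)
version: 2
updates:
  # Track the actions referenced by the workflow files.
  - package-ecosystem: "github-actions"
    # For the github-actions ecosystem, "/" makes Dependabot look in .github/workflows.
    directory: "/"
    schedule:
      interval: "weekly"
    # No more than 5 Dependabot version-update PRs open at the same time.
    open-pull-requests-limit: 5
    commit-message:
      # Placeholder: substitute the prefix convention used in the repository.
      prefix: "<PREFIX-PLACEHOLDER>"
    labels:
      # Placeholder: substitute a label that already exists in the repository.
      - "<LABEL-PLACEHOLDER>"
```

Setting `labels` replaces Dependabot's default labels, and a label that does not exist in the repository is ignored.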