Merge pull request #2897 from transcom/cg_configure_dependabot
Configure dependabot
Showing 5 changed files with 74 additions and 16 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# Settings found in https://dependabot.com/docs/config-file/ | ||
version: 1 | ||
update_configs: | ||
|
||
# Keep package.json (& lockfiles) up to date as soon as | ||
# new versions are published to the npm registry | ||
- package_manager: "javascript" | ||
directory: "/" | ||
update_schedule: "live" | ||
default_labels: | ||
- dependencies | ||
- automerge | ||
default_reviewers: | ||
- tinyels | ||
- chrisgilmerproj | ||
- jacquelineIO | ||
- sarboc | ||
- chrisrcoles | ||
|
||
# Keep go.mod (& go.sum) up to date daily | ||
- package_manager: "go:modules" | ||
directory: "/" | ||
update_schedule: "daily" | ||
default_labels: | ||
- dependencies | ||
- automerge | ||
default_reviewers: | ||
- tinyels | ||
- chrisgilmerproj | ||
- jacquelineIO | ||
- sarboc | ||
- chrisrcoles | ||
|
||
# Keep Dockerfile up to date, batching pull requests daily | ||
- package_manager: "docker" | ||
directory: "/" | ||
update_schedule: "daily" | ||
default_labels: | ||
- dependencies | ||
- automerge | ||
default_reviewers: | ||
- tinyels | ||
- chrisgilmerproj | ||
- jacquelineIO | ||
- sarboc | ||
- chrisrcoles |
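Review bot: all three update blocks put `automerge` in `default_labels`, including the `javascript` block with `update_schedule: "live"`, so if anything in the repository merges on that label, a freshly published npm release could be merged with no human review. The visible lines do not show what consumes the label. Either drop `automerge` from the live npm block, or limit automatic merging to a narrower class of updates (patch-level or security fixes, for example) and keep required CI checks and a reviewer approval in front of it. Minor: the same five `default_reviewers` are repeated in each block, so a roster change has to be made in three places; a comment at the top of the file noting that would help.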
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# How to Manage Dependabot | ||
|
||
[Dependabot](https://dependabot.com) is used to monitor the repository dependencies and update them with automatic | ||
pull requests against the `master` branch in the repo. The configuration is done via a file named | ||
`.dependabot/config.yml`. Read more about [dependabot configuration](https://dependabot.com/docs/config-file/) in the | ||
docs. | ||
|
||
## Security | ||
|
||
We use dependabot as part of our security measures. It ensures that the repository dependencies are up to date and | ||
that any security vulnerabilities are caught as soon as new versions are published. Dependabot will even | ||
add security release information in the text of the PR. | ||
|
||
## Organization Level Settings | ||
|
||
The settings for the Transcom organization can be found in the [Account Settings](https://app.dependabot.com/accounts/transcom/settings) | ||
page. These manage settings for all repos under Transcom. | ||
|
||
## Repo Management | ||
|
||
Repo management should be done in the `.dependabot/config.yml` file. However, you can view and interact with | ||
settings temporarily via the [repo management page](https://app.dependabot.com/accounts/transcom/repos/114694829). | ||
This is a good place to try out new features without having to push a PR to the repository. |
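Review bot: the "Repo Management" paragraph recommends the web management page as "a good place to try out new features without having to push a PR", which lets Dependabot behaviour change outside version control and code review. Suggest stating who is allowed to change settings there, and that anything tried in the UI must either be reverted or be written into `.dependabot/config.yml` through a PR. The document also never explains what the `automerge` label set in the config does or what gates it; a sentence on that belongs under "Security".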