add dependabot updates for Go, TypeScript, GitHub Actions

.github/dependabot.yml

@@ -0,0 +1,94 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    groups:
+      "GitHub Actions updates":
+        patterns:
+          - "*"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: "docker"
+    directory: "/frontend"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: "docker"
+    directory: "/backend/_example/memory_store"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: "docker"
+    directory: "/site"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: "gomod"
+    directory: "/backend"
+    schedule:
+      interval: "monthly"
+    groups:
+      "Go modules updates":
+        dependency-type: "production"
+      "Go modules updates for tests":
+        dependency-type: "development"
+  - package-ecosystem: "gomod"
+    directory: "/backend/_example/memory_store"
+    schedule:
+      interval: "monthly"
+    groups:
+      "Go modules updates":
+        dependency-type: "production"
+      "Go modules updates for tests":
+        dependency-type: "development"
+  - package-ecosystem: "npm"
+    directory: "/frontend"
+    schedule:
+      interval: "monthly"
+    groups:
+      "NPM modules updates":
+        dependency-type: "production"
+      "NPM modules updates for tests":
+        dependency-type: "development"
+  - package-ecosystem: "npm"
+    directory: "/frontend/packages/api"
+    schedule:
+      interval: "monthly"
+    groups:
+      "NPM modules updates":
+        dependency-type: "production"
+      "NPM modules updates for tests":
+        dependency-type: "development"
+  - package-ecosystem: "npm"
+    directory: "/frontend/e2e"
+    schedule:
+      interval: "monthly"
+    groups:
+      "NPM modules updates":
+        dependency-type: "production"
+      "NPM modules updates for tests":
+        dependency-type: "development"
+  - package-ecosystem: "npm"
+    directory: "/frontend/apps/remark42"
+    schedule:
+      interval: "monthly"
+    groups:
+      "NPM modules updates":
+        dependency-type: "production"
+      "NPM modules updates for tests":
+        dependency-type: "development"
+  - package-ecosystem: "npm"
+    directory: "/site"
+    schedule:
+      interval: "monthly"
+    groups:
+      "NPM modules updates":
+        dependency-type: "production"
+      "NPM modules updates for tests":
+        dependency-type: "development"

Dockerfile

@@ -89,7 +89,7 @@ LABEL org.opencontainers.image.authors="Umputun <umputun@gmail.com>" \
       org.opencontainers.image.description="Remark42 comment engine" \
       org.opencontainers.image.documentation="https://remark42.com/docs/getting-started/" \
       org.opencontainers.image.licenses="MIT" \
-      org.opencontainers.image.source="https://github.com/umputun/remark42.git" \
+      org.opencontainers.image.source="https://github.com/umputun/remark42" \
       org.opencontainers.image.title="Remark42" \
       org.opencontainers.image.url="https://remark42.com/" \
       org.opencontainers.image.revision="${GITHUB_SHA}"

Dockerfile.artifacts

@@ -59,6 +59,8 @@ RUN \
 
 
 FROM alpine
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#docker
+LABEL org.opencontainers.image.source="https://github.com/umputun/remark42"
 COPY --from=build-backend /build/backend/remark42.* /artifacts/
 RUN ls -la /artifacts/*
 CMD ["sleep", "100"]

backend/_example/memory_store/Dockerfile

@@ -13,7 +13,7 @@ LABEL org.opencontainers.image.authors="Umputun <umputun@gmail.com>" \
       org.opencontainers.image.description="Remark42 comment engine example JRPC memory store" \
       org.opencontainers.image.documentation="https://github.com/umputun/remark42/tree/master/backend/_example/memory_store" \
       org.opencontainers.image.licenses="MIT" \
-      org.opencontainers.image.source="https://github.com/umputun/remark42.git" \
+      org.opencontainers.image.source="https://github.com/umputun/remark42" \
       org.opencontainers.image.title="Remark42 JRPC example memory store" \
       org.opencontainers.image.url="https://remark42.com/" \
       org.opencontainers.image.revision="${GITHUB_SHA}"

frontend/Dockerfile.e2e

@@ -1,5 +1,8 @@
 FROM mcr.microsoft.com/playwright:v1.40.1-jammy
 
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#docker
+LABEL org.opencontainers.image.source="https://github.com/umputun/remark42"
+
 ENV CI true
 WORKDIR /frontend
 

site/Dockerfile

@@ -11,7 +11,7 @@ LABEL org.opencontainers.image.authors="Umputun <umputun@gmail.com>" \
       org.opencontainers.image.description="Remark42 site" \
       org.opencontainers.image.documentation="https://github.com/umputun/remark42/tree/master/site" \
       org.opencontainers.image.licenses="MIT" \
-      org.opencontainers.image.source="https://github.com/umputun/remark42.git" \
+      org.opencontainers.image.source="https://github.com/umputun/remark42" \
       org.opencontainers.image.title="Remark42 site" \
       org.opencontainers.image.url="https://remark42.com/"
 

site/Dockerfile.dev

@@ -1,5 +1,8 @@
 FROM node:20-alpine as build
 
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#docker
+LABEL org.opencontainers.image.source="https://github.com/umputun/remark42"
+
 WORKDIR /site
 COPY ./ /site
 RUN yarn --frozen-lockfile