From 175c7f4577ce6fae8b318cfea3d6cfbed164fea6 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Tue, 12 Sep 2023 20:31:49 +0200 Subject: [PATCH] Add dependabot configuration file This commit adds an initial Dependabot configuration to: * Submit pull requests for security updates and version updates for GH Action runner dependencies. This PR doesn't include a config for the Composer dependencies as those will always need managed updates for this repo. The configuration has been set up to: * Run weekly (for now). * Submit a maximum of 5 pull requests at a time. If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged. * The commit messages for PRs submitted by Dependabot will be prefixed according the unofficial conventions used in this repo up to now. * The PRs will automatically be labelled with an appropriate label as already in use in this repo. Refs: * https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file * https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy --- PHPCompatibilityMagento/dependabot.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 PHPCompatibilityMagento/dependabot.yml diff --git a/PHPCompatibilityMagento/dependabot.yml b/PHPCompatibilityMagento/dependabot.yml new file mode 100644 index 0000000..0f8ddb8 --- /dev/null +++ b/PHPCompatibilityMagento/dependabot.yml @@ -0,0 +1,16 @@ +# Dependabot configuration. +# +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 5 + commit-message: + prefix: "GH Actions:" + labels: + - "chores/QA"