chore: updating dependabot config #1902
.github/dependabot.yml
Outdated
|
||
# Maintain dependencies for Java | ||
- package-ecosystem: maven |
We don't use maven, we use gradle
.github/dependabot.yml
Outdated
# Maintain dependencies for Java | ||
- package-ecosystem: maven | ||
directory: / |
gradle project is only at /app/android
.github/dependabot.yml
Outdated
|
||
# Maintain dependencies for Objective-C | ||
- package-ecosystem: cocoapods |
I am not sure there is support for cocoapods: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
.github/dependabot.yml
Outdated
|
||
# Maintain dependencies for Shell scripts | ||
- package-ecosystem: pip |
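Review bot: The section comment at the top of this hunk says "Maintain dependencies for Shell scripts", but the entry under it sets package-ecosystem: pip, so the label and the ecosystem disagree. Either drop the entry or reword the comment to name what the ecosystem actually covers, so a reader can tell which manifest files this block is meant to track.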
We don't have any python/pip code in this repo.
Maybe a gem for Ruby? CocoaPods is in Ruby AFAIK
.github/dependabot.yml
Outdated
|
||
# Maintain dependencies for Ruby | ||
- package-ecosystem: bundler |
Ruby gems (bundler) might be specific to /app (where Gemfile and Gemfile.lock are located)
@rajpalc7, Please ensure you test your changes. For me Dependabot is reporting the file contains some invalid syntax.
Additional comments:
- There are dependency files at the root level of the repository too; yarn.lock, and package.json for example.
70f46c6 to a53a7e2
@rajpalc7, Overall you're close.
- I'd like to see the consistency with the "" like we've talked about.
- You're missing one dependency file
- There is one set of update sections I'd like to see added as a contingency.
Likely best to have a quick call to go over this to wrap things up.
Thanks @WadeBarnes, This is ready for review now.
.github/dependabot.yml
Outdated
- package-ecosystem: "npm" | ||
directory: "/" | ||
schedule: | ||
interval: "weekly" | ||
day: "monday" | ||
time: "04:00" | ||
timezone: "Canada/Pacific" | ||
ignore: | ||
- dependency-name: "*" | ||
update-types: ["version-update:semver-major"] | ||
|
||
# Maintain dependencies for TypeScript and JavaScript | ||
- package-ecosystem: "npm" | ||
directory: "/app" | ||
schedule: | ||
interval: "weekly" | ||
day: "monday" | ||
time: "04:00" | ||
timezone: "Canada/Pacific" | ||
ignore: | ||
- dependency-name: "*" | ||
update-types: ["version-update:semver-major"] | ||
|
||
# Maintain dependencies for TypeScript and JavaScript | ||
- package-ecosystem: "npm" | ||
directory: "/scripts/gpublish" | ||
schedule: | ||
interval: "weekly" | ||
day: "monday" | ||
time: "04:00" | ||
timezone: "Canada/Pacific" | ||
ignore: | ||
- dependency-name: "*" | ||
update-types: ["version-update:semver-major"] |
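Review bot: The ignore block repeated in all three npm entries (directories "/", "/app" and "/scripts/gpublish") matches dependency-name "*" with update-types ["version-update:semver-major"], so major-version updates are skipped for every npm dependency in these directories and nothing in the file says why. Add a comment beside the ignore rule stating the reason and how major upgrades are expected to be handled. The two visible section comments are also identical ("Maintain dependencies for TypeScript and JavaScript"); naming the directory in each would make the blocks distinguishable.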
.github/dependabot.yml
Outdated
- package-ecosystem: "gradle" | ||
directory: "/app/android" | ||
schedule: | ||
interval: "weekly" | ||
day: "monday" | ||
time: "04:00" | ||
timezone: "Canada/Pacific" | ||
|
||
# Maintain dependencies for Gradle | ||
- package-ecosystem: "gradle" | ||
directory: "/app/android/app" | ||
schedule: | ||
interval: "weekly" | ||
day: "monday" | ||
time: "04:00" | ||
timezone: "Canada/Pacific" | ||
|
||
# Maintain dependencies for Ruby | ||
- package-ecosystem: "bundler" | ||
directory: "/app" | ||
schedule: | ||
interval: "weekly" | ||
day: "monday" | ||
time: "04:00" | ||
timezone: "Canada/Pacific" |
@rajpalc7, You're missing the ignore patterns as discussed for the gradle and bundler update sections. Please use the pip ignore pattern as discussed.
Thanks @WadeBarnes, I have made the changes as per your suggestion.
491bda8 to 5427836
time: "04:00" | ||
timezone: "Canada/Pacific" | ||
- package-ecosystem: "docker" |
Can you put one space between these two lines? Sorry to nitpick but we may as well be consistent.
@jleach space done
.github/dependabot.yml
Outdated
# Maintain dependencies for TypeScript and JavaScript | ||
- package-ecosystem: "npm" | ||
directory: "/app" |
dependabot-core#4993 suggests that monorepo is supported, and it will follow workspaces (so we probably don't need /app since the lock file is at the root). Please verify and update accordingly.
Thanks @cvarjao, you are correct, I have removed directory /app from the commit
…d docker Signed-off-by: Rajpal Chauhan <[email protected]>
Quality Gate passed
Update dependabot to support Javascript, Typescript, Gradle, Ruby and Docker.