chore: updating dependabot config #1902
Conversation
.github/dependabot.yml
Outdated
|
|
||
| # Maintain dependencies for Java | ||
| - package-ecosystem: maven |
There was a problem hiding this comment.
We don't use maven, we use gradle
.github/dependabot.yml
Outdated
| # Maintain dependencies for Java | ||
| - package-ecosystem: maven | ||
| directory: / |
There was a problem hiding this comment.
gradle project is only at /app/android
.github/dependabot.yml
Outdated
|
|
||
| # Maintain dependencies for Objective-C | ||
| - package-ecosystem: cocoapods |
There was a problem hiding this comment.
I am not sure there is support for cocoapods: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
.github/dependabot.yml
Outdated
|
|
||
| # Maintain dependencies for Shell scripts | ||
| - package-ecosystem: pip |
There was a problem hiding this comment.
We don't have any python/pip code. in this repo
There was a problem hiding this comment.
Maybe a gem for Ruby? Cocopods is in Ruby AFAIK
.github/dependabot.yml
Outdated
|
|
||
| # Maintain dependencies for Ruby | ||
| - package-ecosystem: bundler |
There was a problem hiding this comment.
Ruby gems (bundler) might specific to /app (where Gemfile and Gemfile.lock is located)
There was a problem hiding this comment.
@rajpalc7, Please ensure you test your changes. For me Dependabot is reporting the file contains some invalid syntax.
Additional comments:
- There are Dependancy files at the root level of the repository too;
yarn.lock, andpackage.jsonfor example.
rajpalc7
force-pushed
the
dependabot
branch
2 times, most recently
from
70f46c6
to
a53a7e2
Compare
There was a problem hiding this comment.
@rajpalc7, Overall you're close.
- I'd like to see the consistency with the
""like we've talked about. - You're missing one dependency file
- There is one set of update sections I'd like to see added as a contingency.
Likely best to have a quick call to go over this to wrap things up.
rajpalc7
changed the title
|
Thanks @WadeBarnes , This is ready for review now. |
.github/dependabot.yml
Outdated
| - package-ecosystem: "npm" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "weekly" | ||
| day: "monday" | ||
| time: "04:00" | ||
| timezone: "Canada/Pacific" | ||
| ignore: | ||
| - dependency-name: "*" | ||
| update-types: ["version-update:semver-major"] | ||
|
|
||
| # Maintain dependencies for TypeScript and JavaScript | ||
| - package-ecosystem: "npm" | ||
| directory: "/app" | ||
| schedule: | ||
| interval: "weekly" | ||
| day: "monday" | ||
| time: "04:00" | ||
| timezone: "Canada/Pacific" | ||
| ignore: | ||
| - dependency-name: "*" | ||
| update-types: ["version-update:semver-major"] | ||
|
|
||
| # Maintain dependencies for TypeScript and JavaScript | ||
| - package-ecosystem: "npm" | ||
| directory: "/scripts/gpublish" | ||
| schedule: | ||
| interval: "weekly" | ||
| day: "monday" | ||
| time: "04:00" | ||
| timezone: "Canada/Pacific" | ||
| ignore: | ||
| - dependency-name: "*" | ||
| update-types: ["version-update:semver-major"] |
.github/dependabot.yml
Outdated
| - package-ecosystem: "gradle" | ||
| directory: "/app/android" | ||
| schedule: | ||
| interval: "weekly" | ||
| day: "monday" | ||
| time: "04:00" | ||
| timezone: "Canada/Pacific" | ||
|
|
||
| # Maintain dependencies for Gradle | ||
| - package-ecosystem: "gradle" | ||
| directory: "/app/android/app" | ||
| schedule: | ||
| interval: "weekly" | ||
| day: "monday" | ||
| time: "04:00" | ||
| timezone: "Canada/Pacific" | ||
|
|
||
| # Maintain dependencies for Ruby | ||
| - package-ecosystem: "bundler" | ||
| directory: "/app" | ||
| schedule: | ||
| interval: "weekly" | ||
| day: "monday" | ||
| time: "04:00" | ||
| timezone: "Canada/Pacific" |
There was a problem hiding this comment.
@rajpalc7, You're missing the ignore patterns as discussed for the gradle and bundler update sections. Please use the pip ignore pattern as discussed.
There was a problem hiding this comment.
Thanks @WadeBarnes , I have made the changes as per your suggestion.
rajpalc7
force-pushed
the
dependabot
branch
2 times, most recently
from
491bda8
to
5427836
Compare
jleach
changed the title
| time: "04:00" | ||
| timezone: "Canada/Pacific" | ||
| - package-ecosystem: "docker" |
There was a problem hiding this comment.
Can you put one space between these two lines. Sorry to nitpick but we may as well be consistent.
There was a problem hiding this comment.
@jleach space done
.github/dependabot.yml
Outdated
| # Maintain dependencies for TypeScript and JavaScript | ||
| - package-ecosystem: "npm" | ||
| directory: "/app" |
There was a problem hiding this comment.
dependabot-core#4993 suggests that monorepo is supported, and it will follow workspaces (so we probably don't need /app since the lock file is at the root). Please verify and update accordingly.
There was a problem hiding this comment.
thanks @cvarjao , you are correct, i have removed directory /app from the commit
…d docker Signed-off-by: Rajpal Chauhan <[email protected]>
|
Update dependabot to support Javascript, Typescript, Gradle, Ruby and Docker.