Renamed the file name to correct display errors (#834)

* Documenting ND-568 outcome Further to the implementation of ND-568, documented the current configurations of dependabot and the earlier renovate bot configuration whjich has been disabled temporarily to avoid conflicts between both. * Revert "Documenting ND-568 outcome" This reverts commit e7be263. * Documenting ND-568 outcome Further to the implementation of ND-568, documented the current configurations of dependabot and the earlier renovate bot configuration which has been disabled temporarily to avoid conflicts between both. * Renamed the file name to correct display errors Renamed the file to 014-use-dependabot-to-manage-dependency-updates.html.md.erb to correct the display format of the page ND-568
ministryofjustice · Dec 5, 2024 · 514f2c2 · 514f2c2
1 parent c2202da
commit 514f2c2
Showing 1 changed file with 41 additions and 0 deletions.
diff --git a/source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html.md.erb b/source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html.md.erb
@@ -0,0 +1,41 @@
+---
+owner_slack: "#nvvs-devops"
+title: 014 - Use Dependabot to manage dependency updates
+last_reviewed_on: 2024-12-05
+review_in: 6 months
+---
+
+# 014 - Use Dependabot to manage dependency updates
+Date: 2020-12-05
+
+## Status
+✅ Accepted
+
+## Context
+Both Renovate Bot and Dependabot are being used in our repository to manage dependency updates.
+This is leading to conflicts where both tools create separate pull requests (PRs) for the same dependencies, resulting in unnecessary duplication and management overhead.
+
+## Decision
+
+To use Dependabot, as its better suited for GitHub-based projects due to its simplicity, native integration, and focus on security, and temporarily disable renovate bot.
+
+Currently, Dependabot targets:
+
+- "bundler", which is used for managing Ruby dependencies. Dependabot will check for updates in the root directory ("/") on a daily basis.
+- "terraform", with updates being checked in the "/terraform" directory daily.
+- "github-actions", which manages GitHub Actions workflows. Updates will be checked in the root directory ("/") daily.
+- "pip", used for Python dependencies. Dependabot will check for updates in the root directory ("/") daily.
+- "npm", which manages JavaScript dependencies. Updates will be checked in the root directory ("/") daily.
+
+### Alternative Considerations:
+
+#### Renovate Bot
+
+Renovate bot targeting dependencies from the “terraform-module” and “terraform-provider” in the repositories have been temporarily disabled
+
+- 'ministryofjustice/network-access-control-infrastructure',
+- 'ministryofjustice/nvvs-devops-github-actions',
+- 'ministryofjustice/staff-device-dns-dhcp-infrastructure',
+- 'ministryofjustice/staff-device-shared-services-infrastructure',
+- 'ministryofjustice/staff-infrastructure-network-services',
+- 'ministryofjustice/staff-technology-services-github-teams'