MachDatum
diff --git a/‎.github/dependabot.yml‎
Lines changed: 146 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 146 additions & 0 deletions
@@ -0,0 +1,146 @@
+# Dependabot configuration for ThingConnect Pulse
+# Automates dependency updates for .NET and npm packages
+
+version: 2
+updates:
+  # .NET NuGet packages
+  - package-ecosystem: "nuget"
+    directory: "/ThingConnect.Pulse.Server"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+      time: "09:00"
+      timezone: "America/New_York"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "hemanandr"
+    assignees:
+      - "hemanandr"
+    labels:
+      - "area:deps"
+      - "type:maintenance"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    # Group minor and patch updates to reduce PR volume
+    groups:
+      microsoft-packages:
+        patterns:
+          - "Microsoft.*"
+          - "System.*"
+        update-types:
+          - "minor"
+          - "patch"
+      serilog-packages:
+        patterns:
+          - "Serilog.*"
+        update-types:
+          - "minor"
+          - "patch"
+      ef-packages:
+        patterns:
+          - "Microsoft.EntityFrameworkCore.*"
+        update-types:
+          - "minor"
+          - "patch"
+    # Ignore specific packages that require manual updates
+    ignore:
+      - dependency-name: "Microsoft.AspNetCore.SpaProxy"
+        # Lock to .NET 8 compatible versions
+      - dependency-name: "StyleCop.Analyzers"
+        # Locked to beta version for .NET 8 support
+    rebase-strategy: "auto"
+
+  # Node.js npm packages (frontend)
+  - package-ecosystem: "npm"
+    directory: "/thingconnect.pulse.client"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+      time: "10:00"
+      timezone: "America/New_York"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "hemanandr"
+    assignees:
+      - "hemanandr"
+    labels:
+      - "area:deps"
+      - "type:maintenance"
+      - "area:frontend"
+    commit-message:
+      prefix: "deps(npm)"
+      include: "scope"
+    # Group updates by category to reduce PR volume
+    groups:
+      react-packages:
+        patterns:
+          - "react*"
+          - "@types/react*"
+        update-types:
+          - "minor"
+          - "patch"
+      typescript-packages:
+        patterns:
+          - "typescript"
+          - "@types/*"
+        update-types:
+          - "minor"
+          - "patch"
+      build-tools:
+        patterns:
+          - "vite*"
+          - "@vitejs/*"
+          - "eslint*"
+          - "@typescript-eslint/*"
+          - "prettier"
+        update-types:
+          - "minor"
+          - "patch"
+      chakra-ui:
+        patterns:
+          - "@chakra-ui/*"
+          - "@emotion/*"
+        update-types:
+          - "minor"
+          - "patch"
+    # Security updates always create individual PRs
+    ignore:
+      # Ignore major React updates until manual testing
+      - dependency-name: "react"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "react-dom"
+        update-types: ["version-update:semver-major"]
+    rebase-strategy: "auto"
+
+  # GitHub Actions workflows
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"  
+      time: "08:00"
+      timezone: "America/New_York"
+    open-pull-requests-limit: 2
+    reviewers:
+      - "hemanandr"
+    assignees:
+      - "hemanandr"
+    labels:
+      - "area:deps"
+      - "type:maintenance"
+      - "area:ci"
+    commit-message:
+      prefix: "deps(actions)"
+      include: "scope"
+    # Group action updates together
+    groups:
+      setup-actions:
+        patterns:
+          - "actions/checkout*"
+          - "actions/setup-*"
+          - "actions/upload-artifact*"
+        update-types:
+          - "minor"
+          - "patch"
+    rebase-strategy: "auto"