|
2 | 2 | # package ecosystems to update and where the package manifests are located. |
3 | 3 | # Please see the documentation for all configuration options: |
4 | 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates |
5 | | - |
6 | | -# .github/dependabot.yml |
| 5 | + |
7 | 6 | version: 2 |
8 | | - |
9 | 7 | updates: |
10 | | -# 1) All frontend (npm) deps in ONE PR ────────────────────────────────────────── |
11 | | - - package-ecosystem: "npm" |
12 | | - directory: "/src/frontend" |
| 8 | + - package-ecosystem: "npm" # for frontend dependencies |
| 9 | + directory: "/src/frontend" |
13 | 10 | schedule: |
14 | | - interval: "monthly" # run once a month; change to "weekly" |
15 | | - target-branch: "dependabotchanges" |
16 | | - open-pull-requests-limit: 10 # plenty of head-room; has no effect |
| 11 | + interval: "monthly" |
17 | 12 | commit-message: |
18 | | - prefix: "build(deps)" |
19 | | - # keep widen-ranges (default) → plays nicer with peerDeps |
20 | | - groups: |
21 | | - all-frontend-deps: |
22 | | - patterns: |
23 | | - - "*" # grab **everything** |
24 | | - # ignore majors (and peers) that commonly explode CI; you can remove later |
25 | | - ignore: |
26 | | - - dependency-name: "react" |
27 | | - update-types: ["version-update:semver-major"] |
28 | | - - dependency-name: "@types/react" |
29 | | - update-types: ["version-update:semver-major"] |
30 | | - - dependency-name: "@fluentui/*" |
31 | | - update-types: ["version-update:semver-major"] |
32 | | - |
33 | | -# 2) All backend (pip) deps in ONE PR ─────────────────────────────────────────── |
34 | | - - package-ecosystem: "pip" |
35 | | - directory: "/src" |
| 13 | + prefix: "build" |
| 14 | + target-branch: "dependabotchanges" |
| 15 | + open-pull-requests-limit: 100 |
| 16 | + |
| 17 | + - package-ecosystem: "pip" # for backend dependencies |
| 18 | + directory: "/src" |
36 | 19 | schedule: |
37 | 20 | interval: "monthly" |
38 | | - target-branch: "dependabotchanges" |
39 | | - open-pull-requests-limit: 10 |
40 | 21 | commit-message: |
41 | | - prefix: "build(deps)" |
42 | | - groups: |
43 | | - all-backend-deps: |
44 | | - patterns: |
45 | | - - "*" # everything in requirements*.txt / py-project |
46 | | - |
47 | | -# 3) All GitHub Actions in ONE PR ─────────────────────────────────────────────── |
| 22 | + prefix: "build" |
| 23 | + target-branch: "dependabotchanges" |
| 24 | + open-pull-requests-limit: 100 |
| 25 | + |
48 | 26 | - package-ecosystem: "github-actions" |
49 | 27 | directory: "/" |
50 | 28 | schedule: |
51 | 29 | interval: "monthly" |
52 | | - target-branch: "dependabotchanges" |
53 | | - open-pull-requests-limit: 10 |
54 | 30 | commit-message: |
55 | | - prefix: "build(deps)" |
56 | | - groups: |
57 | | - all-actions: |
58 | | - patterns: |
59 | | - - "*" # all actions |
| 31 | + prefix: "build" |
| 32 | + target-branch: "dependabotchanges" |
| 33 | + open-pull-requests-limit: 100 |
0 commit comments