From f5dad4cf84dcc50b69a7d1cb904b56fab37bf4c1 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Thu, 5 Sep 2024 15:18:51 -0700 Subject: [PATCH 1/3] Create dependabot.yml --- .github/dependabot.yml | 69 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..28e087e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,69 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "pip" # See documentation for possible values + directory: "/" # Location of package manifests + milestone: 2 + target-branch: "master" + versioning-strategy: increase-if-necessary + # Labels on pull requests for version updates only + labels: + - "Configs" + - "Duplicate" + - "Python Lang" + - "Python Repo" + groups: + production-dependencies: + dependency-type: "production" + exclude-patterns: + - "setuptools*" + development-dependencies: + dependency-type: "development" + allow: + - dependency-name: "setuptools" + dependency-type: "production" + - dependency-name: "pip" + dependency-type: "direct" + - dependency-name: "wheel" + dependency-type: "production" + - dependency-name: "build" + dependency-type: "production" + - dependency-name: "argparse" + dependency-type: "direct" + - dependency-name: "six" + dependency-type: "direct" + - dependency-name: "tox" + dependency-type: "development" + - dependency-name: "virtualenv" + dependency-type: "development" + assignees: + - "reactive-firewall" + commit-message: + prefix: "[HOTFIX] " + include: "scope" + schedule: + interval: "weekly" + day: "tuesday" + - package-ecosystem: "github-actions" # See documentation for possible values + directory: ".github/workflows/" # Location of package manifests + milestone: 2 + target-branch: "master" + # Labels on pull requests for version updates only + labels: + - "Configs" + - "Duplicate" + - "GitHub" + - "Testing" + - "Python Repo" + assignees: + - "reactive-firewall" + commit-message: + prefix: "[UPDATE] " + include: "scope" + schedule: + interval: "weekly" + day: "tuesday" From 776159a3086ce090b8f4e76df54994de636d7df6 Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Thu, 5 Sep 2024 16:32:53 -0700 Subject: [PATCH 2/3] [STYLE] Apply suggestions from code review (- WIP #67 & PR #66 -) - Resolves issue #67 and others raised during code review. Signed-off-by: Mr. Walls --- .github/dependabot.yml | 96 +++++++++++++++++++++++------------------- 1 file changed, 52 insertions(+), 44 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 28e087e..0e05553 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,51 +3,59 @@ # Please see the documentation for all configuration options: # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file +# This Dependabot configuration file is set up to manage dependency updates for both Python packages (pip) and GitHub Actions workflows. +# +# Key points: +# - Dependencies are categorized into production and development groups. +# - The "setuptools" package is treated as an exception: it is excluded from the production group but is still allowed to be updated as a production dependency. +# - The configuration includes specific labels, assignees, and commit message formats to streamline the update process. +# - Updates are scheduled to run weekly on Tuesdays. + version: 2 updates: - - package-ecosystem: "pip" # See documentation for possible values - directory: "/" # Location of package manifests - milestone: 2 - target-branch: "master" - versioning-strategy: increase-if-necessary - # Labels on pull requests for version updates only - labels: - - "Configs" - - "Duplicate" - - "Python Lang" - - "Python Repo" - groups: - production-dependencies: - dependency-type: "production" - exclude-patterns: - - "setuptools*" - development-dependencies: - dependency-type: "development" - allow: - - dependency-name: "setuptools" - dependency-type: "production" - - dependency-name: "pip" - dependency-type: "direct" - - dependency-name: "wheel" - dependency-type: "production" - - dependency-name: "build" - dependency-type: "production" - - dependency-name: "argparse" - dependency-type: "direct" - - dependency-name: "six" - dependency-type: "direct" - - dependency-name: "tox" - dependency-type: "development" - - dependency-name: "virtualenv" - dependency-type: "development" - assignees: - - "reactive-firewall" - commit-message: - prefix: "[HOTFIX] " - include: "scope" - schedule: - interval: "weekly" - day: "tuesday" + - package-ecosystem: "pip" # See documentation for possible values + directory: "/" # Location of package manifests + milestone: 2 + target-branch: "master" + versioning-strategy: increase-if-necessary + # Labels on pull requests for version updates only + labels: + - "Configs" + - "Version Update" + - "Python Lang" + - "Python Repo" + groups: + production-dependencies: + dependency-type: "production" + exclude-patterns: + - "setuptools*" + development-dependencies: + dependency-type: "development" + allow: + - dependency-name: "setuptools" + dependency-type: "production" + - dependency-name: "pip" + dependency-type: "direct" + - dependency-name: "wheel" + dependency-type: "production" + - dependency-name: "build" + dependency-type: "production" + - dependency-name: "argparse" + dependency-type: "direct" + - dependency-name: "six" + dependency-type: "direct" + - dependency-name: "tox" + dependency-type: "development" + - dependency-name: "virtualenv" + dependency-type: "development" + assignees: + - "reactive-firewall" + commit-message: + prefix: "[HOTFIX] " + include: "scope" + schedule: + interval: "weekly" + day: "tuesday" - package-ecosystem: "github-actions" # See documentation for possible values directory: ".github/workflows/" # Location of package manifests milestone: 2 @@ -55,7 +63,7 @@ updates: # Labels on pull requests for version updates only labels: - "Configs" - - "Duplicate" + - "Version Update" - "GitHub" - "Testing" - "Python Repo" From a67d225adec80120853ce26a5c5fbb12447c5a7f Mon Sep 17 00:00:00 2001 From: "Mr. Walls" Date: Thu, 5 Sep 2024 16:51:06 -0700 Subject: [PATCH 3/3] [REGRESSION] Fix .github/dependabot.yml spacing (- WIP PR #66 -) Signed-off-by: Mr. Walls --- .github/dependabot.yml | 96 +++++++++++++++++++++--------------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0e05553..d8d716e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -13,65 +13,65 @@ version: 2 updates: - - package-ecosystem: "pip" # See documentation for possible values - directory: "/" # Location of package manifests - milestone: 2 - target-branch: "master" - versioning-strategy: increase-if-necessary - # Labels on pull requests for version updates only - labels: - - "Configs" - - "Version Update" - - "Python Lang" - - "Python Repo" - groups: - production-dependencies: - dependency-type: "production" - exclude-patterns: - - "setuptools*" - development-dependencies: - dependency-type: "development" - allow: - - dependency-name: "setuptools" - dependency-type: "production" - - dependency-name: "pip" - dependency-type: "direct" - - dependency-name: "wheel" - dependency-type: "production" - - dependency-name: "build" - dependency-type: "production" - - dependency-name: "argparse" - dependency-type: "direct" - - dependency-name: "six" - dependency-type: "direct" - - dependency-name: "tox" - dependency-type: "development" - - dependency-name: "virtualenv" - dependency-type: "development" - assignees: - - "reactive-firewall" - commit-message: - prefix: "[HOTFIX] " - include: "scope" - schedule: - interval: "weekly" - day: "tuesday" - - package-ecosystem: "github-actions" # See documentation for possible values - directory: ".github/workflows/" # Location of package manifests + - package-ecosystem: "pip" # See documentation for possible values + directory: "/" # Location of package manifests milestone: 2 target-branch: "master" + versioning-strategy: increase-if-necessary # Labels on pull requests for version updates only labels: - "Configs" - "Version Update" - - "GitHub" - - "Testing" + - "Python Lang" - "Python Repo" + groups: + production-dependencies: + dependency-type: "production" + exclude-patterns: + - "setuptools*" + development-dependencies: + dependency-type: "development" + allow: + - dependency-name: "setuptools" + dependency-type: "production" + - dependency-name: "pip" + dependency-type: "direct" + - dependency-name: "wheel" + dependency-type: "production" + - dependency-name: "build" + dependency-type: "production" + - dependency-name: "argparse" + dependency-type: "direct" + - dependency-name: "six" + dependency-type: "direct" + - dependency-name: "tox" + dependency-type: "development" + - dependency-name: "virtualenv" + dependency-type: "development" assignees: - "reactive-firewall" commit-message: - prefix: "[UPDATE] " + prefix: "[HOTFIX] " include: "scope" schedule: interval: "weekly" day: "tuesday" + - package-ecosystem: "github-actions" # See documentation for possible values + directory: ".github/workflows/" # Location of package manifests + milestone: 2 + target-branch: "master" + # Labels on pull requests for version updates only + labels: + - "Configs" + - "Version Update" + - "GitHub" + - "Testing" + - "Python Repo" + assignees: + - "reactive-firewall" + commit-message: + prefix: "[UPDATE] " + include: "scope" + schedule: + interval: "weekly" + day: "tuesday"