DataSpaceBackend/.github/dependabot.yml at 97260a83054054f555dfed822d294c12fb7ebc44 · CivicDataLab/DataSpaceBackend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"
      timezone: "Asia/Kolkata"
    open-pull-requests-limit: 10
    reviewers:
      - "Deepthi-Chand"
    labels:
      - "dependencies"
      - "python"
      - "security"
    commit-message:
      prefix: "chore(deps)"
      include: "scope"
    # Group updates to reduce PR noise
    groups:
      # Group all patch and minor updates for dev dependencies
      dev-dependencies:
        dependency-type: "development"
        update-types:
          - "minor"
          - "patch"
      # Group patch updates for production dependencies
      production-dependencies:
        dependency-type: "production"
        update-types:
          - "patch"
    # Allow both direct and indirect dependencies
    allow:
      - dependency-type: "direct"
      - dependency-type: "indirect"

  # Docker base images
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"
      timezone: "Asia/Kolkata"
    open-pull-requests-limit: 5
    reviewers:
      - "Deepthi-Chand"
    labels:
      - "dependencies"
      - "docker"
      - "infrastructure"
    commit-message:
      prefix: "chore(docker)"
      include: "scope"

  # GitHub Actions workflows
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"
      timezone: "Asia/Kolkata"
    open-pull-requests-limit: 5
    reviewers:
      - "Deepthi-Chand"
    labels:
      - "dependencies"
      - "github-actions"
      - "ci/cd"
    commit-message:
      prefix: "chore(ci)"
      include: "scope"
    # Group all GitHub Actions updates together
    groups:
      github-actions:
        patterns:
          - "*"