Skip to content

Commit 6feca27

Browse files
geyslangeyslan
committed
chore(ci): dependabot gomod for sec updates only
Dependabot is now set to run daily for Go modules, but it will only create pull requests for security-related updates. Version bumps for gomod non-security updates will be handled manually, as we have many dependencies that require thorough testing.
1 parent cd6dc78 commit 6feca27

File tree

1 file changed

+21
-6
lines changed

1 file changed

+21
-6
lines changed

.github/dependabot.yaml

Lines changed: 21 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,18 +5,33 @@ version: 2
55
updates:
66
- package-ecosystem: "github-actions"
77
directory: "/"
8+
commit-message:
9+
prefix: '[github-actions] - '
810
schedule:
911
interval: "weekly"
12+
13+
- package-ecosystem: "docker"
14+
directories:
15+
- "/builder"
16+
commit-message:
17+
prefix: '[docker] - '
18+
schedule:
19+
interval: "weekly"
20+
1021
- package-ecosystem: "gomod"
1122
directories:
1223
- "/"
1324
- "/api"
1425
- "/types"
1526
- "/signatures/helpers"
1627
schedule:
17-
interval: "weekly"
18-
- package-ecosystem: "docker"
19-
directories:
20-
- "/builder"
21-
schedule:
22-
interval: "weekly"
28+
interval: "daily"
29+
commit-message:
30+
prefix: '[gomod][sec] - '
31+
groups:
32+
# Group security updates for golang dependencies
33+
# into a single pull request
34+
golang:
35+
applies-to: security-updates
36+
patterns:
37+
- "*"

0 commit comments

Comments
 (0)