Skip to content

Commit 1162f77

Browse files
cbandycbandy
committed
Use Dependabot to automatically update Go modules
It will submit updates to Kubernetes and OpenTelemetry separately from other modules.
1 parent 8f4e976 commit 1162f77

File tree

1 file changed

+41
-1
lines changed

1 file changed

+41
-1
lines changed

.github/dependabot.yml

Lines changed: 41 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,16 +5,56 @@
55
# documentation: https://docs.github.com/code-security/dependabot/dependabot-version-updates
66
# schema documentation: https://docs.github.com/code-security/dependabot/working-with-dependabot/dependabot-options-reference
77
# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
8+
#
9+
# Dependabot allows only one schedule per package-ecosystem, directory, and target-branch.
10+
# Configurations that lack a "target-branch" field also affect security updates.
11+
#
12+
# There is a hack to have *two* schedules: https://github.com/dependabot/dependabot-core/issues/1778#issuecomment-1988140219
813
---
914
version: 2
1015
updates:
1116
- package-ecosystem: github-actions
1217
directories:
18+
# "/" is a special case that includes ".github/workflows/*"
1319
- '/'
1420
- '.github/actions/*'
1521
schedule:
1622
interval: weekly
1723
day: tuesday
24+
labels:
25+
- dependencies
26+
groups:
27+
# Group security updates into one pull request
28+
action-vulnerabilities:
29+
applies-to: security-updates
30+
patterns: ['*']
31+
32+
# Group version updates into one pull request
33+
github-actions:
34+
applies-to: version-updates
35+
patterns: ['*']
36+
37+
- package-ecosystem: gomod
38+
directory: '/'
39+
schedule:
40+
interval: weekly
41+
day: wednesday
42+
labels:
43+
- dependencies
1844
groups:
19-
all-github-actions:
45+
# Group security updates into one pull request
46+
go-vulnerabilities:
47+
applies-to: security-updates
48+
patterns: ['*']
49+
50+
# Group Kubernetes and OpenTelemetry version updates into separate pull requests
51+
kubernetes:
52+
patterns: ['k8s.io/*', 'sigs.k8s.io/*']
53+
opentelemetry:
54+
patterns: ['go.opentelemetry.io/*']
55+
go-dependencies:
2056
patterns: ['*']
57+
exclude-patterns:
58+
- 'k8s.io/*'
59+
- 'sigs.k8s.io/*'
60+
- 'go.opentelemetry.io/*'

0 commit comments

Comments
 (0)