Skip to content
This repository has been archived by the owner on Nov 6, 2024. It is now read-only.

Dependabot for plugin template and child plugins #184

Merged
merged 6 commits into from
Jun 6, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# Dependabot configuration
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-github-dependabot-version-updates
# https://til.simonwillison.net/github/dependabot-python-setup
version: 2
updates:
- package-ecosystem: pip
directory: "/"
schedule:
interval: monthly
groups:
python-packages:
patterns:
- "*"
16 changes: 16 additions & 0 deletions PROMPTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,22 @@ In order to use this option, you must run `git init` once in
your package's root directory.
```

## install_precommit

The default for this prompt is `"n"`.

If you choose "y" for this prompt, then [pre-commit](ttps://pre-commit.com/) will be installed.
Among other things, it includes checks for code linting and best practices in napari plugins.

## install_dependabot

The default for this prompt is `"n"`.

If you choose "y" for this prompt, then a [Dependabot](https://docs.github.com/en/code-security/dependabot) configuration file will be created at `.github/dependabot.yml`.

You will still need to enable Dependabot in your github settings, [see the instructions at this link](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories).


## license

This prompt allows you to choose from a variety of open source licensing options
Expand Down
6 changes: 6 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,12 @@ pre-commit install
You can also have these checks run automatically for you when you push to github
by installing [pre-commit ci](https://pre-commit.ci/) on your repository.

## Dependabot

This template also includes a default yaml configuration for [Dependabot](https://docs.github.com/en/code-security/dependabot). This can help you check for security updates to easily update vulnerable dependencies.

You will still need to enable Dependabot in your github settings, [see the instructions at this link](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories). Your Dependabot configuration file is located at `.github/dependabot.yml`.

## Features

- Installable [PyPI] package
Expand Down
1 change: 1 addition & 0 deletions cookiecutter.json
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
"include_widget_plugin": "y",
"use_git_tags_for_versioning": "n",
"install_precommit": "n",
"install_dependabot": "n",
"license": [
"BSD-3",
"MIT",
Expand Down
4 changes: 4 additions & 0 deletions hooks/post_gen_project.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,10 @@ def remove_unrequested_plugin_examples():
remove_file(f"src/{module}/_{name}.py")
remove_file(f"src/{module}/_tests/test_{name}.py")
logger.debug(f"removing {module}/_{name}.py")
# remove dependabot config if unrequested
{% elif key.startswith("install_dependabot") and value != 'y' %}
remove_file(".github/dependabot.yml")
logger.debug("removing .github/dependabot.yml")
{% endif %}
{% endfor %}

Expand Down
15 changes: 15 additions & 0 deletions {{cookiecutter.plugin_name}}/.github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# Dependabot configuration
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-github-dependabot-version-updates
# https://til.simonwillison.net/github/dependabot-python-setup
{% raw %}
version: 2
updates:
- package-ecosystem: pip
directory: "/"
schedule:
interval: monthly
groups:
python-packages:
patterns:
- "*"
{% endraw %}
Loading