From 07a19428f6c592ee21ff2cec3419fd7c6b79251d Mon Sep 17 00:00:00 2001 From: Sven Greb Date: Sun, 8 Nov 2020 22:27:22 +0100 Subject: [PATCH] Update to "tmpl" template repository version 0.6.0 Updated to "tmpl" version 0.6.0 [1] which introduced a configuration for automated dependency updates and security alerts [2] with Dependabot [3]. Next to the included update configurations for the CI/CD GitHub action workflow [4] and Yarn/NPM dependencies [5], the file has been extended to support Go modules [6]. [1]: https://github.com/svengreb/tmpl/releases/tag/v0.5.0 [2]: https://github.com/svengreb/tmpl/issues/52 [3]: https://dependabot.com [4]: https://github.com/svengreb/tmpl#cicd-action-workflow [5]: https://github.com/svengreb/tmpl#nodejs-yarn-and-npm [6]: https://golang.org/ref/mod GH-24 --- .github/dependabot.yml | 44 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..03a5b6c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,44 @@ +# Copyright (c) 2020-present Sven Greb +# This source code is licensed under the MIT license found in the LICENSE file. + +# Configuration for the native Dependabot integration. +# See the official GitHub documentations for more details: +# - https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/configuration-options-for-dependency-updates +# - https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-dependabot-version-updates +# - https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/about-dependabot-security-updates +# - https://github.com/features#features-security + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + reviewers: + - "svengreb" + labels: + - "scope-quality" + - "scope-security" + - "target-base" + + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "weekly" + reviewers: + - "svengreb" + labels: + - "scope-quality" + - "scope-security" + - "target-base" + + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + reviewers: + - "svengreb" + labels: + - "scope-quality" + - "scope-security" + - "target-base"