Merge pull request #234 from tykeal/dependabot

CI: Enable dependabot and update REUSE compliance
tykeal · Dec 1, 2024 · fa6a13d · fa6a13d
2 parents 882e763 + 2eb1c61
commit fa6a13d
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 13 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+---
+# SPDX-FileCopyrightText: 2021 Andrew Grimberg <tykeal@bardicgrove.org>
+# SPDX-License-Identifier: Apache-2.0
+
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.reuse/dep5 b/.reuse/dep5
diff --git a/REUSE.toml b/REUSE.toml
@@ -0,0 +1,19 @@
+version = 1
+
+[[annotations]]
+path = "node_modules/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2021 Andrew Grimberg <tykeal@bardicgrove.org>"
+SPDX-License-Identifier = "Apache-2.0"
+
+[[annotations]]
+path = "tests/.mypy**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2021 Andrew Grimberg <tykeal@bardicgrove.org>"
+SPDX-License-Identifier = "Apache-2.0"
+
+[[annotations]]
+path = "tests/__pycache__/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2021 Andrew Grimberg <tykeal@bardicgrove.org>"
+SPDX-License-Identifier = "Apache-2.0"