From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Sean Brogan <sean.brogan@microsoft.com>,
Michael D Kinney <michael.d.kinney@intel.com>
Subject: [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot
Date: Tue, 15 Nov 2022 22:15:55 -0500 [thread overview]
Message-ID: <20221116031555.2896-1-mikuback@linux.microsoft.com> (raw)
From: Michael Kubacki <michael.kubacki@microsoft.com>
Enables dependabot in this repo so we can better alerted when
dependency updates are available.
This GitHub action will automatically create pull requests and
summarize the dependency details. Because it is a pull request,
the CI system will validate the dependency update in the pull
request.
Configures dependabot for:
1. PIP module updates
2. GitHub action updates
The maintainers/reviewers of the .github directory were added as
pull request reviewers so they can be notified when the pull request
is available.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
Notes:
An example of the pull requests created by this change
are available on my edk2 fork:
https://github.com/makubacki/edk2/pulls
V2 Changes:
1. Removed the "gitsubmodule" package ecosystem
In the TianoCore Tools and CI Meeting, we decided
to follow up in the future in enabling submodules
on a case-by-case basis trying to move between
release tags.
For now, this change enables tracking of pip and
GitHub action dependencies.
.github/dependabot.yml | 34 ++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000000..b4e0b93b16ca
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,34 @@
+## @file
+# Dependabot configuration file to enable GitHub services for managing and updating
+# dependencies.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+##
+version: 2
+updates:
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ commit-message:
+ prefix: "pip"
+ reviewers:
+ - "makubacki"
+ - "mdkinney"
+ - "spbrogan"
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ commit-message:
+ prefix: "GitHub Action"
+ reviewers:
+ - "makubacki"
+ - "mdkinney"
+ - "spbrogan"
--
2.28.0.windows.1
next reply other threads:[~2022-11-16 3:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-16 3:15 Michael Kubacki [this message]
2022-11-16 3:32 ` [edk2-devel] [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot Michael D Kinney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221116031555.2896-1-mikuback@linux.microsoft.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox