From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web09.2590.1668568571941163880 for ; Tue, 15 Nov 2022 19:16:12 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=DoZzBSNO; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from localhost.localdomain (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id EA89020B717A; Tue, 15 Nov 2022 19:16:10 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com EA89020B717A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1668568571; bh=peoSA3ceVMTIaroQmZjcuVw2hcdIJ6EOplYIVRnwSO8=; h=From:To:Cc:Subject:Date:From; b=DoZzBSNOuA7Olbxrzx3rnXLonBqmPuzIHzCUB1MPq6xvPgzGTtOE3PmglabGyiWBQ jiCgiB879110ZDen+UT+cmTCFWRijB0kGdXeeve6gIkJUjB3b5hx1+c0MISOC+Wa0u S2klSpgKdaXxtsewcv2vimUkcT3h8pEOI2X/KlK8= From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Sean Brogan , Michael D Kinney Subject: [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot Date: Tue, 15 Nov 2022 22:15:55 -0500 Message-Id: <20221116031555.2896-1-mikuback@linux.microsoft.com> X-Mailer: git-send-email 2.28.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Michael Kubacki Enables dependabot in this repo so we can better alerted when dependency updates are available. This GitHub action will automatically create pull requests and summarize the dependency details. Because it is a pull request, the CI system will validate the dependency update in the pull request. Configures dependabot for: 1. PIP module updates 2. GitHub action updates The maintainers/reviewers of the .github directory were added as pull request reviewers so they can be notified when the pull request is available. Cc: Sean Brogan Cc: Michael D Kinney Signed-off-by: Michael Kubacki --- Notes: An example of the pull requests created by this change are available on my edk2 fork: =20 https://github.com/makubacki/edk2/pulls =20 V2 Changes: =20 1. Removed the "gitsubmodule" package ecosystem =20 In the TianoCore Tools and CI Meeting, we decided to follow up in the future in enabling submodules on a case-by-case basis trying to move between release tags. =20 For now, this change enables tracking of pip and GitHub action dependencies. .github/dependabot.yml | 34 ++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000000..b4e0b93b16ca --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,34 @@ +## @file +# Dependabot configuration file to enable GitHub services for managing a= nd updating +# dependencies. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuratio= n-options-for-dependency-updates +## +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + commit-message: + prefix: "pip" + reviewers: + - "makubacki" + - "mdkinney" + - "spbrogan" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + commit-message: + prefix: "GitHub Action" + reviewers: + - "makubacki" + - "mdkinney" + - "spbrogan" --=20 2.28.0.windows.1