[PATCH v2 1/1] .github/dependabot.yml: Enable dependabot

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

* [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot
@ 2022-11-16  3:15 Michael Kubacki
  2022-11-16  3:32 ` [edk2-devel] " Michael D Kinney
  0 siblings, 1 reply; 2+ messages in thread
From: Michael Kubacki @ 2022-11-16  3:15 UTC (permalink / raw)
  To: devel; +Cc: Sean Brogan, Michael D Kinney

From: Michael Kubacki <michael.kubacki@microsoft.com>

Enables dependabot in this repo so we can better alerted when
dependency updates are available.

This GitHub action will automatically create pull requests and
summarize the dependency details. Because it is a pull request,
the CI system will validate the dependency update in the pull
request.

Configures dependabot for:

1. PIP module updates
2. GitHub action updates

The maintainers/reviewers of the .github directory were added as
pull request reviewers so they can be notified when the pull request
is available.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---

Notes:
    An example of the pull requests created by this change
    are available on my edk2 fork:
    
    https://github.com/makubacki/edk2/pulls
    
    V2 Changes:
    
    1. Removed the "gitsubmodule" package ecosystem
    
    In the TianoCore Tools and CI Meeting, we decided
    to follow up in the future in enabling submodules
    on a case-by-case basis trying to move between
    release tags.
    
    For now, this change enables tracking of pip and
    GitHub action dependencies.

 .github/dependabot.yml | 34 ++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000000..b4e0b93b16ca
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,34 @@
+## @file
+# Dependabot configuration file to enable GitHub services for managing and updating
+# dependencies.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+##
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "pip"
+    reviewers:
+      - "makubacki"
+      - "mdkinney"
+      - "spbrogan"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    commit-message:
+      prefix: "GitHub Action"
+    reviewers:
+      - "makubacki"
+      - "mdkinney"
+      - "spbrogan"
-- 
2.28.0.windows.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [edk2-devel] [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot
  2022-11-16  3:15 [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot Michael Kubacki
@ 2022-11-16  3:32 ` Michael D Kinney
  0 siblings, 0 replies; 2+ messages in thread
From: Michael D Kinney @ 2022-11-16  3:32 UTC (permalink / raw)
  To: devel@edk2.groups.io, mikuback@linux.microsoft.com,
	Kinney, Michael D
  Cc: Sean Brogan

Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

Note to Maintainers:  When this feature is merged, PRs from dependabot will be
automatically added to the set of edk2 repo PRs.  Never set 'push' label directly
on these PRs.  If a dependency identified by dependedabot looks like one that
should be updated in the edk2 repo, then copy the PR generated by dependabot to
your personal fork and update the commit message to follow the edk2 commit
message requirements and send as a normal code review.

Thanks,

Mike


> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael Kubacki
> Sent: Tuesday, November 15, 2022 7:16 PM
> To: devel@edk2.groups.io
> Cc: Sean Brogan <sean.brogan@microsoft.com>; Kinney, Michael D <michael.d.kinney@intel.com>
> Subject: [edk2-devel] [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot
> 
> From: Michael Kubacki <michael.kubacki@microsoft.com>
> 
> Enables dependabot in this repo so we can better alerted when
> dependency updates are available.
> 
> This GitHub action will automatically create pull requests and
> summarize the dependency details. Because it is a pull request,
> the CI system will validate the dependency update in the pull
> request.
> 
> Configures dependabot for:
> 
> 1. PIP module updates
> 2. GitHub action updates
> 
> The maintainers/reviewers of the .github directory were added as
> pull request reviewers so they can be notified when the pull request
> is available.
> 
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> ---
> 
> Notes:
>     An example of the pull requests created by this change
>     are available on my edk2 fork:
> 
>     https://github.com/makubacki/edk2/pulls
> 
>     V2 Changes:
> 
>     1. Removed the "gitsubmodule" package ecosystem
> 
>     In the TianoCore Tools and CI Meeting, we decided
>     to follow up in the future in enabling submodules
>     on a case-by-case basis trying to move between
>     release tags.
> 
>     For now, this change enables tracking of pip and
>     GitHub action dependencies.
> 
>  .github/dependabot.yml | 34 ++++++++++++++++++++
>  1 file changed, 34 insertions(+)
> 
> diff --git a/.github/dependabot.yml b/.github/dependabot.yml
> new file mode 100644
> index 000000000000..b4e0b93b16ca
> --- /dev/null
> +++ b/.github/dependabot.yml
> @@ -0,0 +1,34 @@
> +## @file
> +# Dependabot configuration file to enable GitHub services for managing and updating
> +# dependencies.
> +#
> +# Copyright (c) Microsoft Corporation.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +# Please see the documentation for all configuration options:
> +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
> +##
> +version: 2
> +updates:
> +  - package-ecosystem: "pip"
> +    directory: "/"
> +    schedule:
> +      interval: "daily"
> +    commit-message:
> +      prefix: "pip"
> +    reviewers:
> +      - "makubacki"
> +      - "mdkinney"
> +      - "spbrogan"
> +
> +  - package-ecosystem: "github-actions"
> +    directory: "/"
> +    schedule:
> +      interval: "weekly"
> +      day: "monday"
> +    commit-message:
> +      prefix: "GitHub Action"
> +    reviewers:
> +      - "makubacki"
> +      - "mdkinney"
> +      - "spbrogan"
> --
> 2.28.0.windows.1
> 
> 
> 
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#96416): https://edk2.groups.io/g/devel/message/96416
> Mute This Topic: https://groups.io/mt/95059788/1643496
> Group Owner: devel+owner@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub [michael.d.kinney@intel.com]
> -=-=-=-=-=-=
> 


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-11-16  3:32 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-16  3:15 [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot Michael Kubacki
2022-11-16  3:32 ` [edk2-devel] " Michael D Kinney

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox