/
dependabot.yaml
52 lines (48 loc) · 1.63 KB
/
dependabot.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "friday"
open-pull-requests-limit: 2 # <- default is 5
groups: # <- group all github actions updates in a single PR
# 1. development-dependencies are auto-merged
development-dependencies:
patterns:
- '*'
- package-ecosystem: "gomod"
# We define 4 groups of dependencies to regroup update pull requests:
# - development (e.g. test dependencies)
# - go-openapi updates
# - golang.org (e.g. golang.org/x/... packages)
# - other dependencies (direct or indirect)
#
# * All groups are checked once a week and each produce at most 1 PR.
# * All dependabot PRs are auto-approved
#
# Auto-merging policy, when requirements are met:
# 1. development-dependencies are auto-merged
# 2. golang.org-dependencies are auto-merged
# 3. go-openapi patch updates are auto-merged. Minor/major version updates require a manual merge.
# 4. other dependencies require a manual merge
directory: "/"
schedule:
interval: "weekly"
day: "friday"
open-pull-requests-limit: 4
groups:
development-dependencies:
patterns:
- "github.com/stretchr/testify"
golang.org-dependencies:
patterns:
- "golang.org/*"
go-openapi-dependencies:
patterns:
- "github.com/go-openapi/*"
other-dependencies:
exclude-patterns:
- "github.com/go-openapi/*"
- "github.com/stretchr/testify"
- "golang.org/*"