Skip to content

ci: add dependabot config to manage dependency updates #194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Zidious wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

ci: add dependabot config to manage dependency updates #194

Zidious wants to merge 1 commit into from

Conversation

@Zidious
Copy link
Contributor

@Zidious Zidious commented Jul 12, 2024

This PR sets up dependabot so we can stay on top of dependencies. Each framework will have its own group so it is only tied into the generic npm dependencies such as eslnt etc.

Should let #193 land first before merging this as that updates most dependencies.

No QA Required

@Zidious Zidious requested a review from a team as a code owner July 12, 2024 20:45
This was referenced Jul 12, 2024
Open
Merged
dbjorge
dbjorge requested changes Jul 23, 2024
View reviewed changes
.github/dependabot.yml
Comment on lines +10 to +11
registries:
- 'npm-agora'
Copy link
Contributor

@dbjorge dbjorge Jul 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this required?

Copy link
Member

@stephenmathieson stephenmathieson Jul 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope =)

.github/dependabot.yml
version: 2
updates:
- package-ecosystem: 'npm'
directory: '/'
Copy link
Contributor

@dbjorge dbjorge Jul 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is going to work as-is (it'll update the root package.json but not the inner ones); most of our repos can use this sort of config because the generally use yarn workspaces, but we intentionally set up the examples repo to not use workspaces so the examples will operate more independently.

Workspaces used to be a requirement to make a reasonable dependabot config, but as of quite recently they support a multi-directory specification we should try here.

@Zidious Zidious reopened this Aug 29, 2024
@Zidious Zidious marked this pull request as draft August 29, 2024 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stephenmathieson stephenmathieson stephenmathieson left review comments

@dbjorge dbjorge dbjorge requested changes

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Zidious @dbjorge @stephenmathieson @jeremy-morgan-deque