arduino/library-registry
1
0
Fork 0
mirror of https://github.com/arduino/library-registry.git synced 2025-07-07 14:41:10 +03:00
Code Activity

Configure Dependabot for updates to production branch deps

Browse Source 
Since we already have the Dependabot infrastructure in place for managing dependencies of the project's Go code and
GitHub Actions workflows, it makes sense to do the same for the newly introduced Go and Python dependencies as well.

This configuration is applied to the `production` branch (using the `target-branch` key), but it must be added to the
configuration file in the default branch (`main`) because Dependabot only pays attention to the default branch's
configuration file.

Reference:
https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#about-the-dependabotyml-file
This commit is contained in:
per1234
2021-07-16 02:03:11 -07:00
parent 4fcd1f36a2
commit e12e4a25e5
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.github/dependabot.yml vendored
View File

@ -17,3 +17,17 @@ updates:
interval: daily
labels:
- "topic: infrastructure"
- package-ecosystem: gomod
target-branch: production
directory: /.github/workflows/assets/validate-registry/
schedule:
interval: daily
labels:
- "topic: infrastructure"
- package-ecosystem: pip
target-branch: production
directory: /
schedule:
interval: daily
labels:
- "topic: infrastructure"