@emarref
Last active August 7, 2024 03:42
This helps to prevent PR spam and avoids breaking changes in TypeScript.

  • All major version updates get their own PRs
  • All security updates get their own PRs
  • TypeScript should always have its own PR, even for patch and minor versions (it doesn't follow SemVer)
  • Everything else (i.e. patch and minor version updates) should be grouped into a single PR to reduce PR spam
# .github/dependabot.yml
# - All major version updates get their own PRs
# - All security updates get their own PRs
# - Patch and minor versions should be grouped into a single PR to reduce PR spam
# - TypeScript should always have its own PR, even for patch and minor versions
version: 2
updates:
  # Update npm dependencies
  - package-ecosystem: 'npm'
    directories:
      - '**/*'
    versioning-strategy: increase
    schedule:
      interval: 'daily'
    groups:
      # Single out security patches to enable faster processing.
      # Less compatibility testing than when mixed with other updates etc.
      security-updates:
        applies-to: security-updates
        dependency-type: production
      # Reduce PR spam by grouping patch and minor versions
      general-updates:
        applies-to: version-updates
        exclude-patterns:
          # Update TypeScript by itself.
          # TypeScript famously does not follow SemVer. What looks
          # like a patch version update may introduce breaking changes.
          # @see https://www.learningtypescript.com/articles/why-typescript-doesnt-follow-strict-semantic-versioning
          - typescript
        update-types:
          - patch
          - minor
      react:
        # Group all react and react-dom updates together
        applies-to: version-updates
        patterns:
          - react
          - react-dom
          - '@types/react'
          - '@types/react-dom'
  # Update GitHub Actions
  - package-ecosystem: 'github-actions'
    directory: '/'
    schedule:
      interval: monthly
    groups:
      general-updates:
        # Group patch and minor into a single PR
        # By omitting major update types, we allow each
        # dependency to have its own PR for new Major versions
        update-types:
          - patch
          - minor
  # Update Terraform modules
  - package-ecosystem: 'terraform'
    directories:
      - 'apps/web/terraform/deployment'
      - 'apps/web/terraform/registry'
    schedule:
      interval: monthly
    groups:
      general-updates:
        # Group patch and minor into a single PR
        # By omitting major update types, we allow each
        # dependency to have its own PR for new Major versions
        update-types:
          - patch
          - minor
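To see which PR a given update ends up in under the npm `groups` block above, the following added example (not part of the original gist) models the routing in Python. It assumes a dependency joins the first group, in file order, whose rules all match and otherwise gets an individual PR; `assign`, `update_type` and `plan` are hypothetical helper names, and the sample updates are constructed.

```python
# Added example: simplified model of how the npm `groups` above route updates.
# Assumption: first matching group in file order wins; no match = individual PR.
from fnmatch import fnmatchcase

ALL_TYPES = ["major", "minor", "patch"]
GROUPS = [  # mirrors the npm entry's groups, in file order
    ("security-updates", {"applies-to": "security-updates",
                          "dependency-type": "production"}),
    ("general-updates", {"applies-to": "version-updates",
                         "exclude-patterns": ["typescript"],
                         "update-types": ["patch", "minor"]}),
    ("react", {"applies-to": "version-updates",
               "patterns": ["react", "react-dom", "@types/react", "@types/react-dom"]}),
]

def update_type(old, new):
    """Classify an x.y.z -> x.y.z bump as major, minor or patch."""
    o, n = ([int(p) for p in v.split(".")] for v in (old, new))
    return "major" if n[0] != o[0] else "minor" if n[1] != o[1] else "patch"

def assign(name, old, new, security=False, dep_type="production"):
    """Return the group name an update lands in, or None for an individual PR."""
    kind = "security-updates" if security else "version-updates"
    for group, rule in GROUPS:
        names_ok = (any(fnmatchcase(name, p) for p in rule.get("patterns", ["*"]))
                    and not any(fnmatchcase(name, p) for p in rule.get("exclude-patterns", [])))
        if (rule.get("applies-to", "version-updates") == kind and names_ok
                and rule.get("dependency-type", dep_type) == dep_type
                and update_type(old, new) in rule.get("update-types", ALL_TYPES)):
            return group
    return None

# Constructed samples: the example-* names and all versions are illustrative.
SAMPLES = [
    ("example-lib", "1.2.3", "1.2.4", True, "production"),
    ("example-dev-tool", "1.2.3", "1.2.4", True, "development"),
    ("typescript", "5.4.2", "5.4.5", False, "development"),
    ("react", "18.2.0", "18.3.1", False, "production"),
    ("react", "18.3.1", "19.0.0", False, "production"),
    ("example-lib", "1.2.4", "2.0.0", False, "production"),
]

def plan():
    return [(n, update_type(o, v), assign(n, o, v, s, d) or "individual PR")
            for n, o, v, s, d in SAMPLES]

if __name__ == "__main__":
    for name, kind, pr in plan():
        print(f"{name:18} {kind:6} -> {pr}")
```

Under this model a react minor bump joins `general-updates` because that group is listed before `react`, so only react major bumps reach the `react` group; security fixes for development dependencies fall outside `security-updates` and get individual PRs.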