mirror of
https://github.com/kevinveenbirkenbach/docker-volume-backup.git
synced 2026-07-17 06:05:13 +00:00
ci(deps): keep actions, docker base and pip deps updated automatically
Dependabot opens weekly PRs for the three update surfaces: github-actions (grouped into one PR; the first one also clears the Node 20 deprecation warning on checkout@v4 and upload-artifact@v4), the python base image, and the pip dependencies. A companion workflow enables auto-merge for minor and patch bumps so they land on their own once the required make test check is green; major bumps stay manual. Requires two repo settings: allow auto-merge, and a branch protection rule on main with make test as required status check, which is the gate that keeps auto-merge from landing untested changes. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
21
.github/dependabot.yml
vendored
Normal file
21
.github/dependabot.yml
vendored
Normal file
@@ -0,0 +1,21 @@
|
||||
---
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: github-actions
|
||||
directory: /
|
||||
schedule:
|
||||
interval: weekly
|
||||
groups:
|
||||
actions:
|
||||
patterns:
|
||||
- "*"
|
||||
|
||||
- package-ecosystem: docker
|
||||
directory: /
|
||||
schedule:
|
||||
interval: weekly
|
||||
|
||||
- package-ecosystem: pip
|
||||
directory: /
|
||||
schedule:
|
||||
interval: weekly
|
||||
29
.github/workflows/dependabot-auto-merge.yml
vendored
Normal file
29
.github/workflows/dependabot-auto-merge.yml
vendored
Normal file
@@ -0,0 +1,29 @@
|
||||
---
|
||||
name: Dependabot auto-merge
|
||||
|
||||
on: pull_request
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
auto-merge:
|
||||
# Enable auto-merge for minor/patch dependency bumps; majors stay manual.
|
||||
# The merge only happens once every required status check (make test) is
|
||||
# green, so the CI stays the gate.
|
||||
if: github.actor == 'dependabot[bot]'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Fetch dependency metadata
|
||||
id: metadata
|
||||
uses: dependabot/fetch-metadata@v2
|
||||
with:
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Enable auto-merge (minor + patch)
|
||||
if: steps.metadata.outputs.update-type != 'version-update:semver-major'
|
||||
run: gh pr merge --auto --squash "$PR_URL"
|
||||
env:
|
||||
PR_URL: ${{ github.event.pull_request.html_url }}
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
Reference in New Issue
Block a user