otelcontext/.github/dependabot.yml at main · RandomCodeSpace/otelcontext · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# Dependabot configuration for otelcontext.
# Docs: https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
#
# Strategy:
#   * weekly cadence — keeps the noise floor low while still catching CVEs early
#   * grouped updates per ecosystem so PR fan-out stays manageable
#   * security updates fire whenever needed regardless of the weekly slot
#
# RAN-53 AC #5 reactive channel. Also enable repo-level "Dependabot security
# updates" via gh api (the version-updates below cover routine bumps; security
# updates are the reactive channel).

version: 2
updates:
  # ----- Go modules (the otelcontext binary) -----
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "08:00"
      timezone: "Etc/UTC"
    open-pull-requests-limit: 10
    labels:
      - "type:dependencies"
      - "area:backend"
    commit-message:
      prefix: "chore(deps)"
      include: "scope"
    groups:
      otel:
        patterns:
          - "go.opentelemetry.io/*"
      grpc-protobuf:
        patterns:
          - "google.golang.org/grpc"
          - "google.golang.org/protobuf"
          - "google.golang.org/genproto*"
      gorm:
        patterns:
          - "gorm.io/*"
      azure:
        patterns:
          - "github.com/Azure/*"
          - "github.com/AzureAD/*"
      prometheus:
        patterns:
          - "github.com/prometheus/*"
      test-libs:
        patterns:
          - "github.com/stretchr/testify"
          - "github.com/google/go-cmp"

  # ----- GitHub Actions (CI / release / security) -----
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "08:00"
      timezone: "Etc/UTC"
    open-pull-requests-limit: 5
    labels:
      - "type:dependencies"
      - "area:ci"
    commit-message:
      prefix: "chore(actions)"
      include: "scope"
    groups:
      actions:
        patterns:
          - "*"

  # ----- Frontend (npm under ui/) -----
  - package-ecosystem: "npm"
    directory: "/ui"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "08:00"
      timezone: "Etc/UTC"
    open-pull-requests-limit: 5
    labels:
      - "type:dependencies"
      - "area:frontend"
    commit-message:
      prefix: "chore(frontend)"
      include: "scope"
    groups:
      react:
        patterns:
          - "react"
          - "react-dom"
          - "react-window"
          - "@types/react*"
          - "@types/react-window"
      mantine:
        patterns:
          - "@mantine/*"
      vite:
        patterns:
          - "vite"
          - "@vitejs/*"
      vitest-testing:
        patterns:
          - "vitest"
          - "@testing-library/*"
          - "jsdom"
      echarts:
        patterns:
          - "echarts"
          - "echarts-for-react"
      eslint:
        patterns:
          - "eslint"
          - "@eslint/*"
          - "eslint-plugin-*"
          - "typescript-eslint"
          - "globals"
      typescript:
        patterns:
          - "typescript"
          - "@types/*"