Reviewed-by: Michael D Kinney <[email protected]> Note to Maintainers: When this feature is merged, PRs from dependabot will be automatically added to the set of edk2 repo PRs. Never set 'push' label directly on these PRs. If a dependency identified by dependedabot looks like one that should be updated in the edk2 repo, then copy the PR generated by dependabot to your personal fork and update the commit message to follow the edk2 commit message requirements and send as a normal code review.
Thanks, Mike > -----Original Message----- > From: [email protected] <[email protected]> On Behalf Of Michael Kubacki > Sent: Tuesday, November 15, 2022 7:16 PM > To: [email protected] > Cc: Sean Brogan <[email protected]>; Kinney, Michael D > <[email protected]> > Subject: [edk2-devel] [PATCH v2 1/1] .github/dependabot.yml: Enable dependabot > > From: Michael Kubacki <[email protected]> > > Enables dependabot in this repo so we can better alerted when > dependency updates are available. > > This GitHub action will automatically create pull requests and > summarize the dependency details. Because it is a pull request, > the CI system will validate the dependency update in the pull > request. > > Configures dependabot for: > > 1. PIP module updates > 2. GitHub action updates > > The maintainers/reviewers of the .github directory were added as > pull request reviewers so they can be notified when the pull request > is available. > > Cc: Sean Brogan <[email protected]> > Cc: Michael D Kinney <[email protected]> > Signed-off-by: Michael Kubacki <[email protected]> > --- > > Notes: > An example of the pull requests created by this change > are available on my edk2 fork: > > https://github.com/makubacki/edk2/pulls > > V2 Changes: > > 1. Removed the "gitsubmodule" package ecosystem > > In the TianoCore Tools and CI Meeting, we decided > to follow up in the future in enabling submodules > on a case-by-case basis trying to move between > release tags. > > For now, this change enables tracking of pip and > GitHub action dependencies. > > .github/dependabot.yml | 34 ++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/.github/dependabot.yml b/.github/dependabot.yml > new file mode 100644 > index 000000000000..b4e0b93b16ca > --- /dev/null > +++ b/.github/dependabot.yml > @@ -0,0 +1,34 @@ > +## @file > +# Dependabot configuration file to enable GitHub services for managing and > updating > +# dependencies. > +# > +# Copyright (c) Microsoft Corporation. > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +# Please see the documentation for all configuration options: > +# > https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates > +## > +version: 2 > +updates: > + - package-ecosystem: "pip" > + directory: "/" > + schedule: > + interval: "daily" > + commit-message: > + prefix: "pip" > + reviewers: > + - "makubacki" > + - "mdkinney" > + - "spbrogan" > + > + - package-ecosystem: "github-actions" > + directory: "/" > + schedule: > + interval: "weekly" > + day: "monday" > + commit-message: > + prefix: "GitHub Action" > + reviewers: > + - "makubacki" > + - "mdkinney" > + - "spbrogan" > -- > 2.28.0.windows.1 > > > > -=-=-=-=-=-= > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#96416): https://edk2.groups.io/g/devel/message/96416 > Mute This Topic: https://groups.io/mt/95059788/1643496 > Group Owner: [email protected] > Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] > -=-=-=-=-=-= > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#96417): https://edk2.groups.io/g/devel/message/96417 Mute This Topic: https://groups.io/mt/95059788/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
