#
# sample config file for dependabutler
#
#
# default settings for *all* new "update" entities
#
# - all properties are optional
#
# - for details and possible values, check out GitHub's documentation at
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
#
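# Baseline applied to every newly generated "updates" entry.
update-defaults:
  schedule:
    interval: daily
    timezone: Europe/Berlin
  commit-message:
    # Keep the quotes: the value ends with a space, which an unquoted
    # scalar would lose.
    prefix: "[dependabutler] "
  open-pull-requests-limit: 10
  rebase-strategy: auto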
#
# default settings for new "update" entities of a *specific* manifest type
#
# - all properties are optional
#
# - properties are applied in addition to those in the update-defaults section
#
# - properties with sub-properties (schedule, commit-message) are overwritten as a whole
#
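# Per-ecosystem additions to update-defaults, keyed by package ecosystem.
update-overrides:
  pip:
    # SECURITY: "allow" permits the package manager to execute code from the
    # manifest while Dependabot resolves versions. GitHub's documentation
    # notes that a compromised package could use this to steal credentials or
    # reach configured registries, and that Dependabot blocks external code
    # execution automatically once registries are attached to an update.
    # As an override this becomes the default for every new pip entry, so
    # keep it only where all dependencies are trusted; otherwise drop the
    # key and accept that some version updates may fail.
    insecure-external-code-execution: allow
  github-actions:
    # Replaces the whole schedule mapping from update-defaults; the timezone
    # set there is not carried over.
    schedule:
      interval: weekly
      day: wednesday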
#
# default registries
#
# - new "update" entities are linked with all the registries for the corresponding package ecosystem
#
# - if a registry is still missing in the config file, it is automatically added to the "registries" section
#
# - if "url-match-required" is true, then the URL (without the protocol part) must be found
#
# - by default, the manifest file is searched
# - additional files (in the same directory) can be defined using "url-match-additional-files"
#
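# Registry definitions grouped by package ecosystem, then by registry name.
#
# Credentials: passwords are secret references, never literal values, because
# the generated dependabot.yml is committed to the repository. Dependabot
# resolves ${{secrets.NAME}} from the Dependabot secrets store, which is
# separate from GitHub Actions secrets, so each name used below must be
# defined there.
#
# Scope: with url-match-required set to true, a registry is only picked up
# when its URL appears in the manifest (or in one of the additional files).
# Leaving it true avoids linking a credentialed registry to updates that do
# not use it.
registries:
  npm:
    my-npm-registry:
      type: npm-registry
      url: https://just.an.example.com/npm/private/
      username: npmuser
      password: "${{secrets.NPM_REGISTRY_PASSWORD}}"
      url-match-required: true
      # Extra files, in the manifest's directory, searched for the URL.
      url-match-additional-files:
        - package-lock.json
        - .npmrc
        - pnpm-lock.yaml
  docker:
    my-docker-registry:
      type: docker-registry
      url: https://docker.just.an.example.com
      username: dockeruser
      password: "${{secrets.DOCKER_REGISTRY_PASSWORD}}"
      url-match-required: true
    my-other-docker-registry:
      type: docker-registry
      url: https://docker.other.just.an.example.com
      username: dockeruser2
      password: "${{secrets.OTHER_DOCKER_REGISTRY_PASSWORD}}"
      url-match-required: true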
#
# parameters for the pull request that gets created (for mode=remote)
#
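# Identity and naming used for the commit, branch and pull request.
pull-request-parameters:
  author-name: dependabutler
  # Constructed placeholder: the original address was masked by the page's
  # e-mail obfuscation, and the masked text would parse as a YAML list rather
  # than a string. Replace with the address the commits should carry.
  author-email: "dependabutler@example.com"
  commit-message: "update .github/dependabot.yml"
  pr-title: "[dependabutler] update .github/dependabot.yml"
  branch-name: "dependabutler-update"
  # Appends a random suffix to branch-name.
  branch-name-random-suffix: true
  # NOTE(review): unit is not stated here, presumably seconds; confirm
  # against the tool's documentation.
  sleep-after-pr-action: 2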
#
# patterns for detecting manifest files
#
# - can be extended in case you are using custom file names by convention
#
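# Regular expressions, one per package ecosystem, matched against
# repository-relative file paths. The values are double-quoted, so "\\."
# reaches the regex engine as "\." (a literal dot).
manifest-patterns:
  npm: "^(.*/)?(package\\.json|pnpm-lock\\.ya?ml)$"
  maven: "^(.*/)?pom\\.xml$"
  pip: "^(.*/)?requirements\\.txt$"
  docker: "^(.*/)?([^/.]+\\.)?Dockerfile(\\.[^/.]+)?$"
  gomod: "^(.*/)?go\\.mod$"
  composer: "^(.*/)?composer\\.json$"
  gradle: "^(.*/)?build\\.gradle(\\.kts)?$"
  # Anchored at the repository root. Accepts both .yml and .yaml, since
  # GitHub Actions runs workflows with either extension; matching only .yml
  # would leave .yaml workflows without a github-actions update entry.
  github-actions: "^\\.github/workflows/.*\\.ya?ml$"
  bundler: "^(.*/)?Gemfile(\\.lock)?$"
  cargo: "^(.*/)?Cargo\\.toml$"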
#
# patterns for manifest paths to be ignored
#
# Matches any path containing a literal "${"; the bracket classes [$] and [{]
# stand for those two characters without backslash escapes. Presumably this
# skips paths with unexpanded template placeholders; confirm against the tool.
manifest-ignore-pattern: "^.*[$][{].*$"