[CI] Create dependabot.yml for version updating (#66)

reactive-firewall · web-flow · commit 7b9c1776d214 · 2024-09-05T17:02:04.000-07:00
- Resolves issue #67 and others raised during code review. --- 🩹 **Caution:** Dependabot seems confused by the nature of this development branch and is unable to cope, so while dangerous, its CI failures will be ignored for this PR. --- Squashes: * Create dependabot.yml f5dad4c * [STYLE] Apply suggestions from code review (- WIP #67 & PR #66 -) 776159a * [REGRESSION] Fix .github/dependabot.yml spacing (- WIP PR #66 -) a67d225
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,77 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+# This Dependabot configuration file is set up to manage dependency updates for both Python packages (pip) and GitHub Actions workflows.
+# 
+# Key points:
+# - Dependencies are categorized into production and development groups.
+# - The "setuptools" package is treated as an exception: it is excluded from the production group but is still allowed to be updated as a production dependency.
+# - The configuration includes specific labels, assignees, and commit message formats to streamline the update process.
+# - Updates are scheduled to run weekly on Tuesdays.
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    milestone: 2
+    target-branch: "master"
+    versioning-strategy: increase-if-necessary
+    # Labels on pull requests for version updates only
+    labels:
+      - "Configs"
+      - "Version Update"
+      - "Python Lang"
+      - "Python Repo"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        exclude-patterns:
+          - "setuptools*"
+      development-dependencies:
+        dependency-type: "development"
+    allow: 
+      - dependency-name: "setuptools"
+        dependency-type: "production"
+      - dependency-name: "pip"
+        dependency-type: "direct"
+      - dependency-name: "wheel"
+        dependency-type: "production"
+      - dependency-name: "build"
+        dependency-type: "production"
+      - dependency-name: "argparse"
+        dependency-type: "direct"
+      - dependency-name: "six"
+        dependency-type: "direct"
+      - dependency-name: "tox"
+        dependency-type: "development"
+      - dependency-name: "virtualenv"
+        dependency-type: "development"
+    assignees:
+      - "reactive-firewall"
+    commit-message:
+      prefix: "[HOTFIX] "
+      include: "scope"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+   - package-ecosystem: "github-actions" # See documentation for possible values
+     directory: ".github/workflows/" # Location of package manifests
+     milestone: 2
+     target-branch: "master"
+     # Labels on pull requests for version updates only
+     labels:
+       - "Configs"
+       - "Version Update"
+       - "GitHub"
+       - "Testing"
+       - "Python Repo"
+     assignees:
+       - "reactive-firewall"
+     commit-message:
+       prefix: "[UPDATE] "
+       include: "scope"
+     schedule:
+       interval: "weekly"
+       day: "tuesday"
