Skip to content

Commit

Permalink
Merge pull request #2237 from alphagov/dependabot-config
Browse files Browse the repository at this point in the history
Add Dependabot configuration
  • Loading branch information
MuriloDalRi authored Jul 17, 2020
2 parents 5ba84d1 + d3e0b3f commit aaf4981
Showing 1 changed file with 38 additions and 0 deletions.
38 changes: 38 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
version: 2
updates:
- package-ecosystem: bundler
directory: /
schedule:
interval: daily
allow:
# Security updates
- dependency-name: brakeman
dependency-type: direct
# Internal gems
- dependency-name: "govuk*"
dependency-type: direct
- dependency-name: gds-api-adapters
dependency-type: direct
- dependency-name: plek
dependency-type: direct
- dependency-name: rubocop-govuk
dependency-type: direct
# Framework gems
- dependency-name: jasmine-rails
dependency-type: direct
- dependency-name: minitest
dependency-type: direct
- dependency-name: rails
dependency-type: direct

# Ruby needs to be upgraded manually in multiple places, so cannot
# be upgraded by Dependabot. That effectively makes the below
# config redundant, as ruby is the only updatable thing in the
# Dockerfile, although this may change in the future. We hope this
# config will save a dev from trying to upgrade ruby via Dependabot.
- package-ecosystem: docker
ignore:
- dependency-name: ruby
directory: /
schedule:
interval: weekly

0 comments on commit aaf4981

Please sign in to comment.