[edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot
Michael D Kinney
michael.d.kinney at intel.com
Thu Nov 10 16:44:34 UTC 2022
Hi Michael,
Thanks. This feature is really useful to help keep our dependencies up to date.
For the EDK II Development Process, the PRs produced by dependabot would only
be informative and would never be merged directly. How do we mark these PRs
so they are never merged directly with a "push" label?
The EDK II Maintainers can monitor these PRs and when there is something that
needs to be updated, a developer can produce patches and send reviews
with required Signed-off-by and Reviewed-by tags in the commit message.
Thanks,
Mike
> -----Original Message-----
> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Michael Kubacki
> Sent: Thursday, November 10, 2022 5:47 AM
> To: devel at edk2.groups.io
> Cc: Sean Brogan <sean.brogan at microsoft.com>; Kinney, Michael D <michael.d.kinney at intel.com>
> Subject: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot
>
> From: Michael Kubacki <michael.kubacki at microsoft.com>
>
> Enables dependabot in this repo so we can better alerted when
> dependency updates are available.
>
> This GitHub action will automatically create pull requests and
> summarize the dependency details. Because it is a pull request,
> the CI system will validate the dependency update in the pull
> request.
>
> Configures dependabot for:
>
> 1. PIP module updates
> 2. Submodule updates
> 3. GitHub action updates
>
> The maintainers/reviewers of the .github directory were added as
> pull request reviewers so they can be notified when the pull request
> is available.
>
> Cc: Sean Brogan <sean.brogan at microsoft.com>
> Cc: Michael D Kinney <michael.d.kinney at intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki at microsoft.com>
> ---
>
> Notes:
> An example of the pull requests created by this change
> are available on my edk2 fork:
>
> https://github.com/makubacki/edk2/pulls
>
> .github/dependabot.yml | 45 ++++++++++++++++++++
> 1 file changed, 45 insertions(+)
>
> diff --git a/.github/dependabot.yml b/.github/dependabot.yml
> new file mode 100644
> index 000000000000..7f405721fd3d
> --- /dev/null
> +++ b/.github/dependabot.yml
> @@ -0,0 +1,45 @@
> +## @file
> +# Dependabot configuration file to enable GitHub services for managing and updating
> +# dependencies.
> +#
> +# Copyright (c) Microsoft Corporation.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +# Please see the documentation for all configuration options:
> +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
> +##
> +version: 2
> +updates:
> + - package-ecosystem: "pip"
> + directory: "/"
> + schedule:
> + interval: "daily"
> + commit-message:
> + prefix: "pip"
> + reviewers:
> + - "makubacki"
> + - "mdkinney"
> + - "spbrogan"
> +
> + - package-ecosystem: "gitsubmodule"
> + directory: "/"
> + schedule:
> + interval: "daily"
> + commit-message:
> + prefix: "submodule"
> + reviewers:
> + - "makubacki"
> + - "mdkinney"
> + - "spbrogan"
> +
> + - package-ecosystem: "github-actions"
> + directory: "/"
> + schedule:
> + interval: "weekly"
> + day: "monday"
> + commit-message:
> + prefix: "GitHub Action"
> + reviewers:
> + - "makubacki"
> + - "mdkinney"
> + - "spbrogan"
> --
> 2.28.0.windows.1
>
>
>
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#96187): https://edk2.groups.io/g/devel/message/96187
> Mute This Topic: https://groups.io/mt/94935824/1643496
> Group Owner: devel+owner at edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub [michael.d.kinney at intel.com]
> -=-=-=-=-=-=
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#96200): https://edk2.groups.io/g/devel/message/96200
Mute This Topic: https://groups.io/mt/94935824/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list