Dependabot updates for internal dependencies
Do you want to know when someone releases a new version of a package you use? You can set up Dependabot to automatically raise pull requests for outdated dependencies, including internal Gjensidige libraries. This will make it easier to keep up to date with new releases.
Add a Dependabot configuration file, dependabot.yml, in the .github directory of your repository. For a full overview of all configuration options, see the GitHub docs: Configuration options for dependency updates.
The following configuration will ensure automatic updates for internal NPM dependencies:
version: 2
registries:
  npm-github:
    type: "npm-registry"
    url: "https://npm.pkg.github.com"
    token: ${{ secrets.GJENSIDIGE_GITHUB_PACKAGES_TOKEN }} # Globally available
updates:
  - package-ecosystem: "npm"
    directory: "/"
    registries:
      - "npm-github"
    schedule:
      interval: "daily"
    commit-message:
      prefix: "fix"
      prefix-development: "chore"
      include: "scope"
The following configuration will ensure automatic updates for internal Maven dependencies:
version: 2
registries:
  maven-github:
    type: "maven-repository"
    url: "https://maven.pkg.github.com/gjensidige"
    username: "x-access-token"
    password: ${{ secrets.GJENSIDIGE_GITHUB_PACKAGES_TOKEN }} # Globally available
updates:
  - package-ecosystem: "maven"
    directory: "/"
    registries:
      - "maven-github"
    schedule:
      interval: "daily"
    commit-message:
      prefix: "fix"
      prefix-development: "chore"
      include: "scope"
By default, Dependabot opens a maximum of 5 PRs for version updates. Once there are 5 open PRs, new requests are blocked until you merge or close some open requests, after which new PRs can be opened on subsequent updates. Use open-pull-requests-limit to change this limit.
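A repository has a single dependabot.yml, so a project that uses both ecosystems declares both registries in one file. The following is an added example, not part of the original page: it merges the two configurations above and sets open-pull-requests-limit per update entry. The limit values 10 and 3 are constructed for illustration, and both manifests are assumed to sit in the repository root.

```yaml
version: 2
registries:
  # Credentials are referenced from secrets, never written into the file.
  npm-github:
    type: "npm-registry"
    url: "https://npm.pkg.github.com"
    token: ${{ secrets.GJENSIDIGE_GITHUB_PACKAGES_TOKEN }}
  maven-github:
    type: "maven-repository"
    url: "https://maven.pkg.github.com/gjensidige"
    username: "x-access-token"
    password: ${{ secrets.GJENSIDIGE_GITHUB_PACKAGES_TOKEN }}
updates:
  - package-ecosystem: "npm"
    directory: "/"                 # assumed location of package.json
    registries:
      - "npm-github"               # only the registry this entry needs
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10   # constructed value; the default is 5
    commit-message:
      prefix: "fix"
      prefix-development: "chore"
      include: "scope"
  - package-ecosystem: "maven"
    directory: "/"                 # assumed location of pom.xml
    registries:
      - "maven-github"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 3    # constructed value; limits apply per entry
    commit-message:
      prefix: "fix"
      prefix-development: "chore"
      include: "scope"
```

Listing only the needed registry under each entry keeps the packages token from being offered to an ecosystem that does not use it.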