diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a87a2f2f8f..b1043e53b0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,13 +1,31 @@ version: 2 updates: + # GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: ":seedling:" + labels: + - "kind/cleanup" + - "area/ci" + - "ok-to-test" + - "release-note-none" + + # Main Go module - package-ecosystem: "gomod" directory: "/" schedule: interval: "weekly" + day: "monday" commit-message: prefix: ":seedling:" labels: - "kind/cleanup" + - "area/dependency" + - "ok-to-test" + - "release-note-none" groups: dependencies: patterns: @@ -15,22 +33,33 @@ updates: ignore: # Ignore Cluster-API as its upgraded manually. - dependency-name: "sigs.k8s.io/cluster-api*" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] # Ignore controller-runtime as its upgraded manually. - dependency-name: "sigs.k8s.io/controller-runtime" - # Ignore k8s and its transitives modules as they are upgraded manually - # together with controller-runtime. + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] + # Ignore k8s and its transitives modules as they are upgraded manually together with controller-runtime. - dependency-name: "k8s.io/*" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] - dependency-name: "go.etcd.io/*" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] - dependency-name: "google.golang.org/grpc" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] + # Bumping the kustomize API independently can break compatibility with client-go as they share k8s.io/kube-openapi as a dependency. + - dependency-name: "sigs.k8s.io/kustomize/api" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] - package-ecosystem: "docker" directory: "/" schedule: interval: "weekly" + day: "monday" commit-message: prefix: ":seedling:" labels: - "kind/cleanup" + - "area/dependency" + - "ok-to-test" + - "release-note-none" groups: dependencies: patterns: @@ -41,10 +70,14 @@ updates: directory: "/hack/tools" schedule: interval: "weekly" + day: "wednesday" commit-message: prefix: ":seedling:" labels: - "kind/cleanup" + - "area/dependency" + - "ok-to-test" + - "release-note-none" groups: dependencies: patterns: @@ -52,35 +85,33 @@ updates: ignore: # Ignore Cluster-API as its upgraded manually. - dependency-name: "sigs.k8s.io/cluster-api*" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] # Ignore controller-runtime as its upgraded manually. - dependency-name: "sigs.k8s.io/controller-runtime" - # Ignore k8s and its transitives modules as they are upgraded manually - # together with controller-runtime. + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] + # Ignore k8s and its transitives modules as they are upgraded manually together with controller-runtime. - dependency-name: "k8s.io/*" - # Ignore controller-tools as its upgraded manually. - - dependency-name: "sigs.k8s.io/controller-tools" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] + - dependency-name: "go.etcd.io/*" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] + - dependency-name: "google.golang.org/grpc" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] + # Bumping the kustomize API independently can break compatibility with client-go as they share k8s.io/kube-openapi as a dependency. + - dependency-name: "sigs.k8s.io/kustomize/api" + update-types: [ "version-update:semver-major", "version-update:semver-minor" ] - package-ecosystem: "docker" directory: "/hack/tools" schedule: interval: "weekly" + day: "wednesday" commit-message: prefix: ":seedling:" labels: - "kind/cleanup" - groups: - dependencies: - patterns: - - "*" - - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - commit-message: - prefix: ":seedling:" - labels: - - "kind/cleanup" + - "area/dependency" + - "ok-to-test" + - "release-note-none" groups: dependencies: patterns: