[MARIO-570] Adding dependabot autoappoval/merge#61
[MARIO-570] Adding dependabot autoappoval/merge#61IndianAg0711 wants to merge 4 commits intomainfrom
Conversation
|
| - "wpengine/mario" | ||
| - package-ecosystem: "npm" | ||
| directory: "/" | ||
| directory: "/assets" |
There was a problem hiding this comment.
I am not sure that /assets is a valid directory in this repo. Should the directory just be /?
| package.json @pe-domino-bot @wpengine/mario | ||
| package-lock.json @pe-domino-bot @wpengine/mario | ||
| Dockerfile @pe-domino-bot @wpengine/mario | ||
| docker-compose.yml @pe-domino-bot @wpengine/mario No newline at end of file |
There was a problem hiding this comment.
| docker-compose.yml @pe-domino-bot @wpengine/mario |
| steps: | ||
| - name: Dependabot metadata | ||
| id: metadata | ||
| uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 |
There was a problem hiding this comment.
The changes for the other repo used dependabot/fetch-metadata@v3.1.0. Using the SHA like you have here is probably the safer choice between the two, but I wanted to note the difference.
| ignore: | ||
| - dependency-name: "*" | ||
| update-types: ["version-update:semver-major"] | ||
| open-pull-requests-limit: 10 No newline at end of file |
There was a problem hiding this comment.
Nit, but I noticed there is no newline at the end of the file.
| open-pull-requests-limit: 10 | |
| open-pull-requests-limit: 10 | |
There was a problem hiding this comment.
Should we include the github-actions package ecosystem for updates as well? Since dependabot/fetch-metadata is pinned by SHA, it won't receive updates unless something bumps it.
…ecosystem, add workflow paths to CODEOWNERS for bot approval
2 participants
JIRA Ticket
MARIO-570
What Are We Doing Here
Adding config for dependabot to auto approve and merge minor and patch dep updates that pass ci