BitLockerKeyMonitor/.github/dependabot.yml at master · robgrame/BitLockerKeyMonitor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Dependabot configuration for BitLockerKeyMonitor
# Docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
#
# Combined with the repository-level "Dependabot security updates" toggle,
# this gives us:
#   * weekly version-bump PRs for NuGet packages and GitHub Actions
#   * out-of-band security PRs for any dependency with an advisory (managed
#     by GitHub itself, not by this file)
version: 2

updates:
  # Backend / .NET 10 solution
  - package-ecosystem: "nuget"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "06:00"
      timezone: "Europe/Rome"
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
      - "nuget"
    commit-message:
      prefix: "chore(deps)"
      include: "scope"
    groups:
      microsoft:
        patterns:
          - "Microsoft.*"
          - "System.*"
      azure:
        patterns:
          - "Azure.*"
      logging:
        patterns:
          - "Serilog*"
      ef-core:
        patterns:
          - "Microsoft.EntityFrameworkCore*"
      graph:
        patterns:
          - "Microsoft.Graph*"
          - "Microsoft.Kiota*"

  # GitHub Actions workflows (none today, but cheap to keep configured for
  # the moment we add CI).
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "06:00"
      timezone: "Europe/Rome"
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
      - "github-actions"
    commit-message:
      prefix: "chore(ci)"
      include: "scope"