From d29f91fd23892de10dd33dd47f30128c306693ff Mon Sep 17 00:00:00 2001 From: SuperKali Date: Fri, 9 Jan 2026 08:15:52 +0100 Subject: [PATCH] feat: add Dependabot configuration for dependency management Configure automated dependency updates for: - npm dependencies (package.json) - Rust/Cargo dependencies (src-tauri/Cargo.toml) - GitHub Actions workflows Schedule: Weekly updates (Mondays at 09:00 UTC) - Separate PRs for each dependency - Major version updates require manual approval - Tauri major updates ignored (requires manual migration) - Added labels: javascript, rust, github-actions --- .github/dependabot.yml | 82 ++++++++++++++++++++++++++++++++++++++++++ .github/labels.yml | 12 +++++++ 2 files changed, 94 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..63dd692 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,82 @@ +version: 2 +updates: + # =========================================== + # NPM Dependencies (Root package.json) + # =========================================== + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "UTC" + # Group low-risk type definition updates together + groups: + dev-dependencies: + patterns: + - "@types/*" + - "eslint*" + - "typescript-eslint" + exclude-patterns: + - "@types/react" + - "@types/react-dom" + # Maintain version constraints (don't update lock file only) + versioning-strategy: "increase" + open-pull-requests-limit: 10 + commit-message: + prefix: "deps" + prefix-development: "chore" + include: "scope" + labels: + - "dependencies" + - "javascript" + rebase-strategy: "auto" + + # =========================================== + # Rust/Cargo Dependencies (src-tauri/Cargo.toml) + # =========================================== + - package-ecosystem: "cargo" + directory: "/src-tauri" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "UTC" + versioning-strategy: "increase" + open-pull-requests-limit: 10 + commit-message: + prefix: "deps" + include: "scope" + labels: + - "dependencies" + - "rust" + rebase-strategy: "auto" + # Ignore major Tauri updates (requires manual migration) + ignore: + - dependency-name: "tauri" + update-types: ["version-update:semver-major"] + - dependency-name: "tauri-cli" + update-types: ["version-update:semver-major"] + + # =========================================== + # GitHub Actions Dependencies + # =========================================== + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "UTC" + # Separate PRs for each action + groups: [] + versioning-strategy: "increase" + open-pull-requests-limit: 10 + commit-message: + prefix: "ci" + include: "scope" + labels: + - "dependencies" + - "github-actions" + - "ci-cd" + rebase-strategy: "auto" diff --git a/.github/labels.yml b/.github/labels.yml index 7741ec5..59023ae 100644 --- a/.github/labels.yml +++ b/.github/labels.yml @@ -311,6 +311,18 @@ color: "0366d6" description: Dependency updates +- name: javascript + color: "f1e05a" + description: JavaScript/TypeScript dependencies + +- name: rust + color: "dea584" + description: Rust/Cargo dependencies + +- name: github-actions + color: "6f42c1" + description: GitHub Actions workflows and dependencies + # =========================================== # ERRORS # ===========================================