Skip to content

Commit 1ad7ce1

Browse files
committed
Add GitHub Actions to the dependabot config
1 parent 1facabe commit 1ad7ce1

File tree

3 files changed

+48
-3
lines changed

3 files changed

+48
-3
lines changed

.github/dependabot.yml

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,10 @@
1-
# Please see the documentation for all configuration options:
2-
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
3-
41
version: 2
52
updates:
63
- package-ecosystem: "pip"
74
directory: "/"
85
schedule:
96
interval: "weekly"
7+
- package-ecosystem: "github-actions"
8+
directory: "/"
9+
schedule:
10+
interval: "weekly"

AGENTS.md

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@ This is the **Weekly Dev Chat** website, a static site built with MkDocs Materia
2929
├── create_post.sh # Bash script to create new blog posts
3030
├── create_post.ps1 # PowerShell script to create new blog posts
3131
├── .github/
32+
│ ├── dependabot.yml # Dependabot dependency updates
3233
│ └── workflows/
3334
│ └── ci.yml # GitHub Actions deployment workflow
3435
└── docs/ # All site content
@@ -206,6 +207,39 @@ Not typically needed due to automated workflow, but can be done:
206207
mkdocs gh-deploy --force
207208
```
208209

210+
## Dependency Management
211+
212+
### Dependabot
213+
214+
Dependabot is configured in `.github/dependabot.yml` to automatically keep dependencies up to date:
215+
216+
- **Python packages** (`requirements.txt`): Checked weekly for updates to mkdocs-material
217+
- **GitHub Actions**: Checked weekly for updates to workflow actions (checkout, setup-python, cache)
218+
219+
When updates are available, Dependabot automatically creates pull requests with:
220+
- Version bump details
221+
- Changelog information
222+
- Compatibility notes
223+
224+
**Configuration**:
225+
```yaml
226+
version: 2
227+
updates:
228+
- package-ecosystem: "pip"
229+
directory: "/"
230+
schedule:
231+
interval: "weekly"
232+
- package-ecosystem: "github-actions"
233+
directory: "/"
234+
schedule:
235+
interval: "weekly"
236+
```
237+
238+
**Review Process**: Review and merge Dependabot PRs after verifying:
239+
1. CI/CD workflow passes
240+
2. Local testing confirms no breaking changes
241+
3. Release notes indicate compatibility
242+
209243
## Git Ignore Patterns
210244
211245
The following are ignored:

README.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,7 @@ These scripts will:
112112
├── create_post.sh # Bash script to create blog posts
113113
├── create_post.ps1 # PowerShell script to create blog posts
114114
├── .github/
115+
│ ├── dependabot.yml # Dependabot configuration
115116
│ └── workflows/
116117
│ └── ci.yml # GitHub Actions deployment
117118
└── docs/ # All site content
@@ -164,6 +165,15 @@ While not typically needed, you can manually deploy:
164165
```bash
165166
mkdocs gh-deploy --force
166167
```
168+
169+
## Dependency Management
170+
171+
The project uses **Dependabot** to automatically keep dependencies up to date. Dependabot is configured to check weekly for:
172+
- Python package updates (mkdocs-material)
173+
- GitHub Actions updates
174+
175+
When updates are available, Dependabot creates pull requests automatically. Review and merge these PRs after verifying the CI workflow passes.
176+
167177
## Resources
168178

169179
- [MkDocs Documentation](https://www.mkdocs.org)

0 commit comments

Comments
 (0)