dependabot-circleci
dependabot-circleci is, as its name suggests, a small dependabot for CircleCI orbs and container images.
We created this because, at the time, it was nearly impossible to get changes into the official dependabot.
Getting Started
- Install the dependabot-circleci GitHub App in your organization.
- You enable dependabot-circleci on specific repositories by creating a dependabot-circleci.yml configuration file in your repository's .github directory. dependabot-circleci then raises pull requests to keep the dependencies you configure up-to-date.
Example dependabot-circleci.yml file
The example dependabot-circleci.yml file below configures version updates. If it finds outdated dependencies, it will raise pull requests against the target branch to update the dependencies.
# example dependabot-circleci.yml file
assignees:
- github_username # for a single user
- org/team_name # for a whole team (nested teams is the same syntax org/team_name)
labels:
- label1
- label2
reviewers:
- github_username # for a single user
- org/team_name # for a whole team (nested teams is the same syntax org/team_name)
target-branch: main
directory: "/template" # Used if .github directory is nested inside another directory
schedule: "monthly" # Options are (daily, weekly, monthly)
Configuration options for dependency updates
The dependabot-circleci configuration file, dependabot-circleci.yml, uses YAML syntax.
You must store this file in the .github directory of your repository.
| Option | Required | Description | Default |
|---|---|---|---|
| assignees | | Assignees to set on pull requests | n/a |
| labels | | Labels to set on pull requests | n/a |
| reviewers | | Reviewers to set on pull requests | n/a |
| target-branch | | Branch to create pull requests against | Default branch in the repo |
| directory | | Location of .github directory | Root of repo |
| schedule | | When to look for updates | daily |
Contributing
We are open to issues, pull requests, etc.
Running locally
- Clone the repository
- Make sure to have your secrets file in place
  2.1 BESTSELLER folks can use Harpocrates to get them from Vault.
    harpocrates -f secrets-local.yaml --vault-token $(vault token create -format=json | jq -r '.auth.client_token')
  2.2 Others will have to fill out this template in any other way.
    {
      "datadog": {
        "api_key": ""
      },
      "github": {
        "app": {
          "integration_id": ,
          "private_key": "",
          "webhook_secret": ""
        },
        "oauth": {
          "client_id": "",
          "client_secret": ""
        },
        "v3_api_url": "https://api.github.com/"
      },
      "http": {
        "token": ""
      },
      "server": {
        "port": 3000,
        "public_url": ""
      },
      "bestseller_specific": {
        "token": ""
      }
    }
- Run dependabot-circleci by using Docker compose (--build will ensure that the latest version of the code is used)
    docker-compose up --build
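
A pre-flight check for the secrets template from step 2.2, as an added example that is not part of the dependabot-circleci project: it lists template fields still left blank and flags a secrets file that group or other users can access. The function names and the sample values are assumptions made for this illustration; the key paths come from the template above.

```python
import json
import os
import stat

# Key paths copied from the secrets template on this page.
TEMPLATE_PATHS = [
    "datadog.api_key",
    "github.app.integration_id",
    "github.app.private_key",
    "github.app.webhook_secret",
    "github.oauth.client_id",
    "github.oauth.client_secret",
    "github.v3_api_url",
    "http.token",
    "server.port",
    "server.public_url",
    "bestseller_specific.token",
]

# Constructed sample: dummy values only, two fields left blank.
SAMPLE = json.dumps({
    "datadog": {"api_key": "dummy"},
    "github": {"app": {"integration_id": 1, "private_key": "dummy", "webhook_secret": ""},
               "oauth": {"client_id": "dummy", "client_secret": "dummy"},
               "v3_api_url": "https://api.github.com/"},
    "http": {"token": "dummy"},
    "server": {"port": 3000, "public_url": "http://localhost:3000"},
    "bestseller_specific": {"token": ""},
})


def blank_fields(text):
    """Return the template paths that are missing or empty in the JSON text."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # The untouched template lands here: "integration_id": , has no value.
        return [f"invalid JSON (line {exc.lineno}): {exc.msg}"]
    blanks = []
    for path in TEMPLATE_PATHS:
        node = doc
        for key in path.split("."):
            node = node.get(key) if isinstance(node, dict) else None
        if node is None or node == "":
            blanks.append(path)
    return blanks


def too_permissive(path):
    """True if group or others have any access to the secrets file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
```

Run both checks against your filled-in file before `docker-compose up --build`; whether a given blank field matters depends on which integrations you use.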