improve dependabot config and commit the lockfile (#120)

* improve dependabot config and commit the lockfile * fixup * fixup * enable dependabot auto-merging --------- Co-authored-by: daniel.eades <[email protected]>
serverlesstechnology · Jan 23, 2025 · 74ef0b2 · 74ef0b2
1 parent 3615030
commit 74ef0b2
Show file tree

Hide file tree

Showing 4 changed files with 3,723 additions and 12 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,12 +1,45 @@
 version: 2
 updates:
-- package-ecosystem: cargo
-  directory: "/"
-  schedule:
-    interval: daily
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
-  ignore:
-    - dependency-name: dtolnay/rust-toolchain
+  # bump major and minor updates as soon as available
+  - package-ecosystem: cargo
+    target-branch: main # see https://github.com/dependabot/dependabot-core/issues/1778#issuecomment-1988140219
+    directory: /
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: chore
+      include: scope
+    ignore:
+      - dependency-name: "*"
+        update-types:
+          - "version-update:semver-patch"
+
+  # bundle patch updates together on a monthly basis
+  # (note that security updates will be bumped as soon as available)
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: monthly
+    commit-message:
+      prefix: chore
+      include: scope
+    groups:
+      patch-updates:
+        update-types:
+          - patch
+    ignore:
+      - dependency-name: "*"
+        update-types:
+          - "version-update:semver-minor"
+          - "version-update:semver-major"
+
+  # bump actions as soon as available
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: chore
+      include: scope
+    ignore:
+      - dependency-name: dtolnay/rust-toolchain
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -28,7 +28,7 @@ jobs:
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
-      - run: cargo test
+      - run: cargo test --locked
 
   test-persistence:
     name: test persistence
@@ -88,3 +88,18 @@ jobs:
           toolchain: ${{ env.MSRV }}
       - uses: taiki-e/install-action@cargo-no-dev-deps
       - run: cargo no-dev-deps check
+
+  # Automatically merge if it's a Dependabot PR that passes the build
+  dependabot:
+    needs: [check, test, test-persistence, fmt, cargo-deny, msrv]
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,5 @@
 
 /target
 **/*.rs.bk
-Cargo.lock
 
 /docs/book/book