forked from phoenix-oss/llama-stack-mirror
2d2bb701fa
# What does this PR do? This PR adds dependabot updates for Python dependencies. In addition: * Consistent weekly schedule on a specific day * Specific commit messages * `open-pull-requests-limit` is intentional to avoid upgrading dependencies that will likely cause regressions. We want to keep the focus here on security updates only Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
23 lines
776 B
YAML
23 lines
776 B
YAML
# GitHub Dependabot configuration
|
|
version: 2
|
|
updates:
|
|
# Enable version updates for GitHub Actions
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/" # Will use the default workflow location of `.github/workflows`
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "saturday"
|
|
commit-message:
|
|
prefix: chore(github-deps)
|
|
- package-ecosystem: "uv"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "saturday"
|
|
# ignore all non-security updates: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
|
|
open-pull-requests-limit: 0
|
|
labels:
|
|
- type/dependencies
|
|
- python
|
|
commit-message:
|
|
prefix: chore(python-deps)
|