dependabot-circleci

command module

v0.0.0-...-cc8cc2f Latest Latest Go to latest Published: Oct 11, 2023 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/BESTSELLER/dependabot-circleci

README ¶

dependabot-circleci

CircleCI GitHub repo size GitHub

dependabot-circleci is, as its name suggests, a small dependabot for CircleCI orbs and container images. We have created this as at the time of creation it was nearly impossible to get changes into the official dependabot.

Getting Started

Install the dependabot-circleci GitHub App in your organization.
You enable dependabot-circleci on specific repositories by creating a dependabot-circleci.yml configuration file in your repository's .github directory. dependabot-circleci then raise pull requests to keep the dependencies you configure up-to-date.

Example dependabot-circleci.yml file

The example dependabot-circleci.yml file below configures version updates. If it finds outdated dependencies, it will raise pull requests against the target branch to update the dependencies.

# example dependabot-circleci.yml file

assignees:
  - github_username # for a single user
  - org/team_name # for a whole team (nested teams is the same syntax org/team_name)
labels:
  - label1
  - label2
reviewers:
  - github_username # for a single user
  - org/team_name # for a whole team (nested teams is the same syntax org/team_name)
target-branch: main
directory: "/template" # Used if .github directory is nested inside another directory
schedule: "monthly" # Options are (daily, weekly, monthly)

Configuration options for dependency updates

The dependabot-circleci configuration file, dependabot-circleci.yml, uses YAML syntax. You must store this file in the .github directory of your repository.

Option	Description	Default
`assignees`	Assignees to set on pull requests	n/a
`labels`	Labels to set on pull requests	n/a
`reviewers`	Reviewers to set on pull requests	n/a
`target-branch`	Branch to create pull requests against	Default branch in the repo
`directory`	Location of .github directory	Root of repo
`schedule`	When to look for updates	daily

Contributing

We are open for issues, pull requests etc.

Running locally

Clone the repository

Make sure to have your secrets file in place
2.1 BESTSELLER folks can use Harpocrates to get them from Vault.

harpocrates -f secrets-local.yaml --vault-token $(vault token create -format=json | jq -r '.auth.client_token')

2.2 Others will have to fill out this template in any other way.

{
  "datadog": {
    "api_key": ""
  },
  "github": {
    "app": {
      "integration_id": ,
      "private_key": "",
      "webhook_secret": ""
    },
    "oauth": {
      "client_id": "",
      "client_secret": ""
    },
    "v3_api_url": "https://api.github.com/"
  },
  "http": {
    "token": ""
  },
  "server": {
    "port": 3000,
    "public_url": ""
  },
  "bestseller_specific": {
    "token": ""
  }
}

Run dependabot-circleci by using Docker compose

--build will ensure that the latest version of the code is used
```
docker-compose up --build
```

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
circleci
config
datadog
db
dependabot
gh
logger

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL