Add renovatebot as a dependency management option (#271)
* add renovatebot as an option

* very important linting

* very important linting

* Update specification/repository.md

Co-authored-by: Robert Pająk <[email protected]>

* update changelog

* Update CHANGELOG.md

---------

Co-authored-by: Robert Pająk <[email protected]>
breedx-splk and pellared authored Oct 16, 2023
1 parent 3e793c1 commit 7f169f0
Showing 2 changed files with 15 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,7 @@

- Require a CLA Assistant GitHub workflow. (#269)
- Update the CLA notice in `CONTRIBUTING.md` template. (#269)
- Add Renovate as an acceptable alternative to Dependabot. (#271)

## [1.6.0] - 2023-09-14
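
Review bot: The added entry "Add Renovate as an acceptable alternative to Dependabot. (#271)" does not say which Dependabot function Renovate may stand in for. In specification/repository.md the Dependabot subsection covers alerts, security updates and version updates, while Renovate is introduced only "to help keep dependencies up to date". Consider wording along the lines of "Add Renovate as an acceptable alternative to Dependabot for dependency updates" so the entry is not read as making Dependabot alerts optional.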

14 changes: 14 additions & 0 deletions specification/repository.md
Expand Up @@ -54,11 +54,25 @@ approval is granted, GDI repositories MUST NOT cut a GA release.
- MUST lock the versions of all build dependencies (e.g. libraries, binaries,
scripts, docker images) or vendor them; **EXCEPTION:** tools that are
available out-of-the-box on the CI runner
- To help keep dependencies up to date, the repo MUST be configured with
[Dependabot](https://github.com/dependabot/dependabot-core) or [Renovate](https://github.com/apps/renovate).

#### Dependabot

- MUST enable [Dependabot alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)
- MUST grant access to alerts for the approvers and maintainers teams
- MUST enable [Dependabot security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)
- MUST configure [Dependabot version updates](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)

#### Renovate

Follow the steps below if you want to use Renovate to update the dependencies.

- MUST add the repo to the [list of Renovatebot repos](https://github.com/organizations/signalfx/settings/installations/41531652).
- MUST add a
[Renovate config file](https://docs.renovatebot.com/configuration-options/)
to the repo.

### GitHub Actions

- MUST use [GitHub
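
Review bot: The "#### Renovate" subsection has no counterpart to the "MUST enable Dependabot alerts" and "MUST grant access to alerts for the approvers and maintainers teams" bullets, so as written a repo that picks Renovate has no stated requirement for vulnerability alerting. Either state that the alert bullets apply whichever tool is chosen (for example by keeping them above the two subsections), or add equivalent MUSTs under Renovate. Two smaller points in the same subsection: "MUST add a Renovate config file" links to the general configuration-options page and sets no minimum for what the config has to cover, and the text alternates between "Renovate" and "Renovatebot"; pick one name and say what the config must at least enable.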
