mirror of
https://github.com/anchore/syft.git
synced 2026-02-12 18:46:41 +01:00
* ci: enable zizmor to fail PRs Enable zizmor (gh actions yaml linter) to fail builds in PRs. Fix any outstanding linting errors found by this tool. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> * fix outdated version comments Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> --------- Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
# Dependabot configuration
#
# How update PRs are grouped (details are in the inline comments below):
#   - Minor + patch updates: one combined PR per ecosystem
#   - Major version bumps:   one PR per dependency
#   - Security updates:      one PR per dependency
#
# Note: "patch" here means a semver version bump (1.2.3 -> 1.2.4), not a
# security fix. Security updates are identified separately via GitHub's
# Advisory Database and can be any version bump (patch, minor, or major)
# that fixes a known CVE.
#
# Supply-chain note: both ecosystems set a 7-day cooldown, so a newly
# published release is not proposed until it has been public for a week.
# Dependabot applies cooldown to version updates only; security updates
# are not delayed by it.

version: 2

updates:
  # Go module dependencies, resolved from the repository root.
  - package-ecosystem: "gomod"
    directory: "/"
    # Wait 7 days after a release before proposing it (version updates only).
    cooldown:
      default-days: 7
    schedule:
      interval: "weekly"
      day: "friday"
    open-pull-requests-limit: 10
    labels:
      - "dependencies"
    groups:
      go-minor-patch:
        # Only version updates are grouped; no group targets security
        # updates, so each security update gets its own PR.
        applies-to: "version-updates"
        patterns:
          - "*"
        # "major" is intentionally absent: major bumps get individual PRs.
        update-types:
          - "minor"
          - "patch"

  # GitHub Actions references used by this repository.
  - package-ecosystem: "github-actions"
    directories:
      # For this ecosystem "/" is how Dependabot is pointed at the workflow
      # files under .github/workflows.
      - "/"
      # Listed separately so action references inside this directory are
      # updated too (presumably a local composite action - confirm).
      - "/.github/actions/bootstrap"
    # Wait 7 days after a release before proposing it (version updates only).
    cooldown:
      default-days: 7
    schedule:
      interval: "weekly"
      day: "friday"
    open-pull-requests-limit: 10
    labels:
      - "dependencies"
    groups:
      actions-minor-patch:
        # Only version updates are grouped; no group targets security
        # updates, so each security update gets its own PR.
        applies-to: "version-updates"
        patterns:
          - "*"
        # "major" is intentionally absent: major bumps get individual PRs.
        update-types:
          - "minor"
          - "patch"