From 3cd5fe491c804284d0f8b2e67b4754a9f7bc82c2 Mon Sep 17 00:00:00 2001 From: Michael Hucka Date: Sat, 11 Oct 2025 22:38:50 -0700 Subject: [PATCH 1/2] Add a Dependabot config file --- .github/dependabot.yaml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/dependabot.yaml diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..112f638 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,35 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +version: 2 +updates: + - package-ecosystem: "github-actions" + # The "github-actions" code explicitly looks in /.github/workflows if the + # value "/" is given for the directory attribute. Yes, that's confusing. + directory: "/" + schedule: + interval: "monthly" + labels: + - "area/devops" + - "area/health" + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "monthly" + versioning-strategy: "increase-if-necessary" + labels: + - "area/dependencies" + - "area/python" + - "area/health" From 413c2946da92a9e86004da632659583baaa31182 Mon Sep 17 00:00:00 2001 From: Michael Hucka Date: Mon, 13 Oct 2025 11:02:05 -0700 Subject: [PATCH 2/2] Use recursive search for pip dependencies Tell Dependabot to look for pip dependency files in subdirectories. Note: rather than limit it to `src/py` where `requirements_lock.txt` is currently located, this will make it search in all directories so that if the file locations change in the future, Dependabot is likely to be able to still find the dependency files. --- .github/dependabot.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 112f638..949cb6b 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -25,7 +25,8 @@ updates: - "area/health" - package-ecosystem: "pip" - directory: "/" + directories: + - "**/*" schedule: interval: "monthly" versioning-strategy: "increase-if-necessary"