Configure dependabot. (#2980)

Adds dependabot config. Seems like monthly is the least frequent update you can choose right now (there are feature request for quarterly and for chron like syntax). For now I used the daily interval though. I want to make sure it works, will then switch to monthly. The main thing I'd like to see is that the main `yarn.lock` file gets updated. That didn't happen in one of the previous dependabot PRs (seems like [others faced the same issue](https://github.com/dependabot/dependabot-core/issues/6346)). So 🤞 this solves it. Also added a dedupe workflow, that should only run on dependabot branches (prefixed with `depandabot/`). Otherwise we would need to manually do it, as [seen on this PR](https://github.com/tldraw/tldraw/pull/2982) ([failure](https://github.com/tldraw/tldraw/actions/runs/8070271847/job/22047204003)). ### Change Type - [ ] `patch` — Bug fix - [ ] `minor` — New feature - [ ] `major` — Breaking change - [ ] `dependencies` — Changes to package dependencies[^1] - [ ] `documentation` — Changes to the documentation only[^2] - [ ] `tests` — Changes to any test code only[^2] - [x] `internal` — Any other changes that don't affect the published package[^2] - [ ] I don't know [^1]: publishes a `patch` release, for devDependencies use `internal` [^2]: will not publish a new version
2024-03-04 12:43:42 +01:00 · 2024-03-04 12:43:42 +01:00 · faebbe1ea6
commit faebbe1ea6
parent 9ae808c12c
2 changed files with 44 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'daily'
+    versioning-strategy: increase
--- a/.github/workflows/dependabot-dedupe.yml
+++ b/.github/workflows/dependabot-dedupe.yml
@ -0,0 +1,37 @@
+name: Dedupe Dependabot PRs
+
+on:
+  push:
+    branches: ['dependabot/**']
+
+permissions:
+  contents: write
+  pull-requests: write
+  repository-projects: write
+
+jobs:
+  dedupe:
+    name: Dedupe Dependabot PRs
+    runs-on: ubuntu-latest-16-cores-open
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - uses: ./.github/actions/setup
+
+      - name: Configure Git
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+
+      - name: Dedupe dependencies
+        run: yarn dedupe
+
+      - name: Commit changes
+        run: |
+          git add .
+          git commit -m 'Dedupe' || true
+
+      - name: Push changes
+        run: git push