Dependabot Options

gh-dependabot

Github dependabot configurations

gh-dependabot.<packager>."<directory>".interval = "<interval>";

See github documentations of package-ecosystem directory and interval

type

attribute set of attribute set of (submodule)

example

{
  gh-dependabot = {
    npm = true;
    pip = {
      "/" = {
        interval = "weekly";
      };
    };
  };
}

default

{
  gh-dependabot = { };
}

gh-dependabot.<name>.<name>.allow

Customize which dependencies are updated, see dependabot docs

type

null or (submodule)

example

{
  gh-dependabot.<name>.<name>.allow = {
    development = [
      "sphinix"
    ];
    production = true;
  };
}

default

{
  gh-dependabot.<name>.<name>.allow = null;
}

gh-dependabot.<name>.<name>.allow.all

All explicit and direct dependencies

type

(non-empty (list of non-empty string)) or boolean

example

{
  gh-dependabot.<name>.<name>.allow.all = [
    "express"
  ];
}

default

{
  gh-dependabot.<name>.<name>.allow.all = false;
}

gh-dependabot.<name>.<name>.allow.development

Dependencies for development

type

(non-empty (list of non-empty string)) or boolean

example

{
  gh-dependabot.<name>.<name>.allow.development = [
    "express"
  ];
}

default

{
  gh-dependabot.<name>.<name>.allow.development = false;
}

gh-dependabot.<name>.<name>.allow.direct

All explicitly defined dependencies

type

(non-empty (list of non-empty string)) or boolean

example

{
  gh-dependabot.<name>.<name>.allow.direct = [
    "express"
  ];
}

default

{
  gh-dependabot.<name>.<name>.allow.direct = false;
}

gh-dependabot.<name>.<name>.allow.indirect

Dependencies of dependencies

type

(non-empty (list of non-empty string)) or boolean

example

{
  gh-dependabot.<name>.<name>.allow.indirect = [
    "express"
  ];
}

default

{
  gh-dependabot.<name>.<name>.allow.indirect = false;
}

gh-dependabot.<name>.<name>.allow.production

Dependencies for production

type

(non-empty (list of non-empty string)) or boolean

example

{
  gh-dependabot.<name>.<name>.allow.production = [
    "express"
  ];
}

default

{
  gh-dependabot.<name>.<name>.allow.production = false;
}

gh-dependabot.<name>.<name>.assignees

Who will be assigned to pull request

type

list of non-empty string

example

{
  gh-dependabot.<name>.<name>.assignees = [
    "jaoooooo"
  ];
}

default

{
  gh-dependabot.<name>.<name>.assignees = [ ];
}

gh-dependabot.<name>.<name>.auto-rebase

Disable auto rebase (enabled by default) see github documentations

type

null or boolean

example

{
  gh-dependabot.<name>.<name>.auto-rebase = false;
}

default

{
  gh-dependabot.<name>.<name>.auto-rebase = null;
}

gh-dependabot.<name>.<name>.commit

Customize commit message prefix, see dependabot docs

type

null or (submodule)

example

{
  gh-dependabot.<name>.<name>.commit = {
    prefix = "RED-ALERT";
    prefix-dev = "warn";
    scope = true;
  };
}

default

{
  gh-dependabot.<name>.<name>.commit = null;
}

gh-dependabot.<name>.<name>.commit.dev-prefix

Prefix of commit message for development dependencies

type

null or non-empty string

example

{
  gh-dependabot.<name>.<name>.commit.dev-prefix = "warn";
}

default

{
  gh-dependabot.<name>.<name>.commit.dev-prefix = null;
}

gh-dependabot.<name>.<name>.commit.prefix

Prefix of commit message

type

non-empty string

example

{
  gh-dependabot.<name>.<name>.commit.prefix = "RED-ALERT";
}

gh-dependabot.<name>.<name>.commit.scope

If commit message should be contain scope

type

boolean

example

{
  gh-dependabot.<name>.<name>.commit.scope = true;
}

default

{
  gh-dependabot.<name>.<name>.commit.scope = false;
}

gh-dependabot.<name>.<name>.day

Day of week for weekly run (null is monday)

type

null or one of "monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"

example

{
  gh-dependabot.<name>.<name>.day = "friday";
}

default

{
  gh-dependabot.<name>.<name>.day = null;
}

gh-dependabot.<name>.<name>.ignore

Customize which dependencies are ignored, see dependabot docs

type

attribute set of ((submodule) or boolean)

example

{
  gh-dependabot.<name>.<name>.ignore = {
    django = {
      major = true;
      minor = true;
      patch = true;
    };
    express = true;
    sphinix = {
      versions = [
        "4.x"
        "5.x"
      ];
    };
  };
}

default

{
  gh-dependabot.<name>.<name>.ignore = { };
}

gh-dependabot.<name>.<name>.insecure-external-code-execution

Deny or allow external code execution, see github documentations

type

null or boolean

example

{
  gh-dependabot.<name>.<name>.insecure-external-code-execution = true;
}

default

{
  gh-dependabot.<name>.<name>.insecure-external-code-execution = null;
}

gh-dependabot.<name>.<name>.interval

Periodicity of check: daily weekly monthly

type

one of "daily", "weekly", "monthly"

example

{
  gh-dependabot.<name>.<name>.interval = "monthly";
}

default

{
  gh-dependabot.<name>.<name>.interval = "weekly";
}

gh-dependabot.<name>.<name>.labels

Labels to be added in pull request see github documentations

type

list of non-empty string

example

{
  gh-dependabot.<name>.<name>.labels = [
    "depencencies"
  ];
}

default

{
  gh-dependabot.<name>.<name>.labels = [ ];
}

gh-dependabot.<name>.<name>.limit

Maximum open pull requests before next update see github documentations

type

null or signed integer

example

{
  gh-dependabot.<name>.<name>.limit = 5;
}

default

{
  gh-dependabot.<name>.<name>.limit = null;
}

gh-dependabot.<name>.<name>.milestoneId

Id of milestone associated with see github documentations

type

null or signed integer

example

{
  gh-dependabot.<name>.<name>.milestoneId = 4;
}

default

{
  gh-dependabot.<name>.<name>.milestoneId = null;
}

gh-dependabot.<name>.<name>.reviewers

List of developers to review see github documentations

type

list of non-empty string

example

{
  gh-dependabot.<name>.<name>.reviewers = [
    "your-user-name"
    "your-org/some-team"
  ];
}

default

{
  gh-dependabot.<name>.<name>.reviewers = [ ];
}

gh-dependabot.<name>.<name>.separator

branch name separator see github documentations

type

null or non-empty string

example

{
  gh-dependabot.<name>.<name>.separator = "-";
}

default

{
  gh-dependabot.<name>.<name>.separator = null;
}

gh-dependabot.<name>.<name>.target-branch

Branch to be target see github documentations

type

null or non-empty string

example

{
  gh-dependabot.<name>.<name>.target-branch = "your-main-branch";
}

default

{
  gh-dependabot.<name>.<name>.target-branch = null;
}

gh-dependabot.<name>.<name>.time

Time of day to check for updates (format: hh:mm)

type

null or string matching the pattern [0-2][0-9]:[0-5][0-9]

example

{
  gh-dependabot.<name>.<name>.time = "16:25";
}

default

{
  gh-dependabot.<name>.<name>.time = null;
}

gh-dependabot.<name>.<name>.timezone

Specify an time zone, time zone identifier is defined by iana

type

null or non-empty string

example

{
  gh-dependabot.<name>.<name>.timezone = "Asia/Tokyo";
}

default

{
  gh-dependabot.<name>.<name>.timezone = null;
}

gh-dependabot.<name>.<name>.vendor

tell Dependabot to vendor dependencies see github documentations

type

boolean

example

{
  gh-dependabot.<name>.<name>.vendor = true;
}

default

{
  gh-dependabot.<name>.<name>.vendor = false;
}

gh-dependabot.<name>.<name>.versioning-strategy

Dependabot versioning strategy see github documentations

type

null or one of "lockfile-only", "auto", "widen", "increase", "increase-if-necessary"

example

{
  gh-dependabot.<name>.<name>.versioning-strategy = "auto";
}

default

{
  gh-dependabot.<name>.<name>.versioning-strategy = null;
}

gh-dependabot-registry

Disable auto rebase (enabled by default) see github documentations

type

attribute set of (submodule)

example

{
  gh-dependabot-registry = {
    maven-github = {
      secret-name = "MY_ARTIFACTORY_PASSWORD";
      type = "maven-repository";
      url = "https://maven.pkg.github.com/your-org";
      username = "your-repo-login";
    };
  };
}

default

{
  gh-dependabot-registry = { };
}

gh-dependabot-registry.<name>.organization

organization name of login in registry

type

null or non-empty string

example

{
  gh-dependabot-registry.<name>.organization = "your-org";
}

default

{
  gh-dependabot-registry.<name>.organization = null;
}

gh-dependabot-registry.<name>.replaces-base

replaces base url

type

boolean

example

{
  gh-dependabot-registry.<name>.replaces-base = true;
}

default

{
  gh-dependabot-registry.<name>.replaces-base = false;
}

gh-dependabot-registry.<name>.secret-name-key

gitub sercret name of key to access registry

type

null or non-empty string

example

{
  gh-dependabot-registry.<name>.secret-name-key = "MY_ARTIFACTORY_KEY";
}

default

{
  gh-dependabot-registry.<name>.secret-name-key = null;
}

gh-dependabot-registry.<name>.secret-name-pass

gitub sercret name of password to access registry

type

null or non-empty string

example

{
  gh-dependabot-registry.<name>.secret-name-pass = "MY_ARTIFACTORY_PASSWORD";
}

default

{
  gh-dependabot-registry.<name>.secret-name-pass = null;
}

gh-dependabot-registry.<name>.secret-name-token

gitub sercret name of token to access registry

type

null or non-empty string

example

{
  gh-dependabot-registry.<name>.secret-name-token = "MY_ARTIFACTORY_TOKEN";
}

default

{
  gh-dependabot-registry.<name>.secret-name-token = null;
}

gh-dependabot-registry.<name>.type

type of registry

type

non-empty string

example

{
  gh-dependabot-registry.<name>.type = "maven-repository";
}

gh-dependabot-registry.<name>.url

url of registry

type

null or non-empty string

example

{
  gh-dependabot-registry.<name>.url = "https://maven.pkg.github.com/your-org";
}

default

{
  gh-dependabot-registry.<name>.url = null;
}

gh-dependabot-registry.<name>.username

username of registry

type

null or non-empty string

example

{
  gh-dependabot-registry.<name>.username = "your-repo-login";
}

default

{
  gh-dependabot-registry.<name>.username = null;
}