-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathdependabot.yml
More file actions
69 lines (68 loc) · 2.21 KB
/
Copy pathdependabot.yml
File metadata and controls
69 lines (68 loc) · 2.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# Dependabot — repository root only (`/`).
# - github-actions: weekly Monday 09:00 UTC; group `actions-minor` (minor+patch); max 5 open PRs.
# - pip: same schedule; reads root pyproject.toml / lockfile (uv-compatible); groups `dev-tools` and `scientific-core`.
version: 2
updates:
# ───────────────────────────────────────────
# GitHub Actions — weekly, max 5 open PRs
# ───────────────────────────────────────────
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
timezone: "UTC"
open-pull-requests-limit: 5
labels:
- "dependencies"
- "automated"
- "github-actions"
commit-message:
prefix: "chore(ci)"
include: "scope"
groups:
actions-minor:
patterns: ["*"]
update-types: ["minor", "patch"]
# ───────────────────────────────────────────
# Python (uv / pip) — weekly, grouped
# ───────────────────────────────────────────
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
timezone: "UTC"
open-pull-requests-limit: 5
labels:
- "dependencies"
- "automated"
- "python"
commit-message:
prefix: "chore(deps)"
include: "scope"
groups:
# Dev/testing tools batched — lower risk, single PR
dev-tools:
patterns:
- "pytest*"
- "mypy*"
- "ruff*"
- "black*"
- "bandit*"
- "pip-audit*"
- "types-*"
- "iniconfig*"
update-types: ["minor", "patch"]
# Core scientific deps batched separately
scientific-core:
patterns:
- "numpy*"
- "scipy*"
- "pandas*"
- "matplotlib*"
- "scikit-learn*"
- "networkx*"
update-types: ["minor", "patch"]