137 words, 1 min read

Found this nice snippet / pattern in the documentation of dependabot:

In this example, the dependabot.yml file:

  • Creates a group called angular.
  • Uses patterns that match with the name of a dependency to include dependencies in the group.
  • Uses update-type to only include minor or patch updates in the group.
  • Applies the grouping to version updates only, since applies-to: version-updates is used.
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
groups:
# Specify a name for the group, which will be used in pull request titles
# and branch names
angular:
applies-to: version-updates
patterns:
- "@angular*"
update-types:
- "minor"
- "patch"

As a result:

  • Dependabot will create a grouped pull request for all Angular dependencies that have a minor or patch update.
  • All major updates will continue to be raised as individual pull requests.