🐥 Dependabot: individual pull requests for major updates and grouped for minor/patch updates

github tools

137 words, 1 min read

Found this nice snippet / pattern in the documentation of dependabot:

In this example, the dependabot.yml file:

Creates a group called angular.

Uses patterns that match with the name of a dependency to include dependencies in the group.

Uses update-type to only include minor or patch updates in the group.

Applies the grouping to version updates only, since applies-to: version-updates is used.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      # Specify a name for the group, which will be used in pull request titles
      # and branch names
      angular:
        applies-to: version-updates
        patterns:
          - "@angular*"
        update-types:
          - "minor"
          - "patch"
As a result:

Dependabot will create a grouped pull request for all Angular dependencies that have a minor or patch update.

All major updates will continue to be raised as individual pull requests.

If this post was enjoyable or useful for you, please share it! If you have comments, questions, or feedback, you can email my personal email. To get new posts, subscribe use the RSS feed.