Enable dependabot only for github-actions and reporter-web-app

We do not want dependabot to update the dependencies of test projects. As there is no option to disable dependabot for a directory, enable it only for the projects where we want it to run. Note that we do not enable dependabot for Gradle because it does not support defining versions in gradle.propertes [1] and we manually check for Gradle dependency updates using the `dependencyUpdates` Gradle task on a regular basis. [1] dependabot/dependabot-core#1618 Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
oss-review-toolkit · May 21, 2021 · 23510aa · 23510aa
1 parent d551595
commit 23510aa
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  # Must be "/" for github-actions, see:
+  # https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#directory
+  directory: "/"
+  schedule:
+    interval: "daily"
+- package-ecosystem: "npm"
+  directory: "/reporter-web-app"
+  schedule:
+    interval: "daily"
+  labels:
+  - "reporter"