mirror of
https://github.com/teloxide/teloxide.git
synced 2024-12-22 14:35:36 +01:00
Configure dependabot to update Cargo.lock
parent
3566002c2d
commit
2a02566b3e
1 changed files with 44 additions and 0 deletions
44
.github/dependabot.yml
vendored
Normal file
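--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,44 @@
+version: 2
+updates:
+# This updates the `Cargo.lock` file.
+#
+# -----------------------------------------------------------------------------------------------
+#
+# Generally Rust libraries do not have lock files. This grows from the idea that you always want
+# to run CI with the most recent (semver compatible) dependency versions, since those are the
+# versions new users will get.
+#
+# However this approach worsens the contribution experience, since PR's CI can fail because of
+# a minor dependency update (e.g. because of an MSRV change or an accidental breaking change).
+#
+# To prevent this and make contribution experience a little bit better we include the lock file
+# in the repository. To combat the problem of running CI against old versions, we have this
+# dependabot job, which updates the `Cargo.lock` (and `Cargo.lock` only), every once in a while.
+- package-ecosystem: "cargo"
+# Directory where to search for build system configuration
+directory: "/"
+
+# Only change `Cargo.lock`, never change `Cargo.toml`
+versioning-strategy: "lockfile-only"
+
+# Check for updates weekly.
+# This makes sure dependabot doesn't open PRs too often.
+schedule:
+interval: "weekly"
+
+# Group dependencies, so dependabot does not open a million pull requests and instead just
+# makes "bump everything" every once in a while
+groups:
+lock:
+- patterns: ["*"]
+
+# Allow both direct and indirect updates for all packages
+allow:
+- dependency-type: "all"
+
+# Which labels to apply
+labels: ["A-dependencies"]
+
+# Stop dependabot from updating dependencies when the previous dependabot PR hasn't been
+# merged/closed yet
+open-pull-requests-limit: 1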
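Review bot: Under `groups:`, the `lock` entry is written as a list item (`- patterns: ["*"]`), but Dependabot's documented schema expects each group to be a mapping, so it should read `lock:` followed by `patterns: ["*"]` with no leading dash. If the file fails validation, the weekly job presumably never runs and the committed `Cargo.lock` stays pinned to old versions, which is the situation the header comment says this job is meant to prevent. Separately, the single grouped PR bumps every direct and transitive crate at once (`dependency-type: "all"`), so a comment stating what gates it before merge would help reviewers; whether CI runs an advisory check is not visible on this page. Indentation is not shown on this page, so the nesting of the other keys could not be checked.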