From fed55ef448dfd4e8002af9367092c4f1b7a55f37 Mon Sep 17 00:00:00 2001 From: Marco Ferrari Date: Thu, 10 Oct 2024 20:40:17 +0200 Subject: [PATCH] chore: group dependency updates prs (#6247) Group dependency update PRs in order to minimize the number of PRs to review. --- .github/dependabot.yml | 143 ++++++++++++++++++++++++---- dependencies/composer/composer.json | 3 +- dependencies/composer/composer.lock | 6 +- docs/add-new-linter.md | 19 ++-- 4 files changed, 139 insertions(+), 32 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f191f345..c07c7609 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,14 +16,56 @@ updates: schedule: interval: "weekly" open-pull-requests-limit: 100 + groups: + dev-ci-tools: + applies-to: version-updates + patterns: + - actions/* + - akhilerm/tag-push-action + - docker/* + - googleapis/* + - peter-evans/create-issue-from-file - package-ecosystem: "npm" commit-message: prefix: "deps(npm)" - directory: "/dependencies" + directories: + - /dependencies schedule: interval: "weekly" open-pull-requests-limit: 100 + groups: + eslint-plugins-configs: + applies-to: version-updates + patterns: + - "eslint-config*" + - "eslint-plugin*" + next: + applies-to: version-updates + patterns: + - next + - next-pwa + react: + applies-to: version-updates + patterns: + - "react*" + - "@babel/preset-react" + - "@react-native/eslint-config" + stylelint: + applies-to: version-updates + patterns: + - "stylelint*" + textlint: + applies-to: version-updates + patterns: + - "textlint*" + typescript: + applies-to: version-updates + patterns: + - "@babel/preset-typescript" + - "@typescript-eslint/eslint-plugin" + - ts-standard + - typescript - package-ecosystem: "bundler" commit-message: @@ -32,6 +74,11 @@ updates: schedule: interval: "weekly" open-pull-requests-limit: 100 + groups: + rubocop: + applies-to: version-updates + patterns: + - "rubocop*" - package-ecosystem: "docker" commit-message: @@ -40,38 +87,86 @@ updates: schedule: interval: "weekly" open-pull-requests-limit: 100 + groups: + docker: + applies-to: version-updates + # We can group all Docker dependencies because they are isolated from + # each other + patterns: + - alpine/helm + - alpine/terragrunt + - dotenvlinter/dotenv-linter + - dotnet/sdk + - golang + - golangci/golangci-lint + - goreleaser/goreleaser + - hadolint/hadolint + - hashicorp/terraform + - kustomize/kustomize + - tenable/terrascan + - terraform-linters/tflint + - yannh/kubeconform + - koalaman/shellcheck + - mstruebing/editorconfig-checker + - mvdan/shfmt + - rhysd/actionlint + - scalameta/scalafmt + - zricethezav/gitleaks + - yoheimuta/protolint + - clj-kondo/clj-kondo + - dart + - powershell + - composer/composer + - python - package-ecosystem: "pip" commit-message: prefix: "deps(python)" - directory: "/dependencies/python/" + directories: + - /dependencies/python/ schedule: interval: "weekly" open-pull-requests-limit: 100 + groups: + pip: + applies-to: version-updates + # We can group all python dependencies because each uses its own + # virtual environments + patterns: + - ansible-lint + - black + - cfn-lint + - checkov + - cpplint + - flake8 + - isort + - pyink + - pylint + - ruff + - snakefmt + - snakemake + - sqlfluff + - yamllint - package-ecosystem: "gradle" commit-message: prefix: "deps(java)" - directory: "/dependencies/checkstyle" - schedule: - interval: "weekly" - open-pull-requests-limit: 100 - - - package-ecosystem: "gradle" - commit-message: - prefix: "deps(java)" - directory: "/dependencies/google-java-format" - schedule: - interval: "weekly" - open-pull-requests-limit: 100 - - - package-ecosystem: "gradle" - commit-message: - prefix: "deps(java)" - directory: "/dependencies/ktlint" + directories: + - "/dependencies/checkstyle" + - "/dependencies/google-java-format" + - "/dependencies/ktlint" schedule: interval: "weekly" open-pull-requests-limit: 100 + groups: + java-gradle: + applies-to: version-updates + # We can group all Java dependencies because they are isolated from + # each other + patterns: + - "com.google.googlejavaformat:google-java-format" + - "com.pinterest.ktlint:ktlint-cli" + - "com.puppycrawl.tools:checkstyle" - package-ecosystem: "docker" commit-message: @@ -84,7 +179,8 @@ updates: - package-ecosystem: "npm" commit-message: prefix: "ci(dev-npm)" - directory: "/dev-dependencies" + directories: + - /dev-dependencies schedule: interval: "weekly" open-pull-requests-limit: 100 @@ -97,3 +193,10 @@ updates: schedule: interval: "weekly" open-pull-requests-limit: 100 + groups: + composer: + applies-to: version-updates + patterns: + - squizlabs/php_codesniffer + - phpstan/phpstan + - vimeo/psalm diff --git a/dependencies/composer/composer.json b/dependencies/composer/composer.json index f5380f7c..dae18d28 100644 --- a/dependencies/composer/composer.json +++ b/dependencies/composer/composer.json @@ -3,6 +3,7 @@ "require": { "squizlabs/php_codesniffer": "^3.10.1", "phpstan/phpstan": "^1.11.2", - "vimeo/psalm": "^5.24.0" + "vimeo/psalm": "^5.24.0", + "php": "^8.3" } } diff --git a/dependencies/composer/composer.lock b/dependencies/composer/composer.lock index 07871448..bac74ac6 100644 --- a/dependencies/composer/composer.lock +++ b/dependencies/composer/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "3b4539dab73f09cdc845962c74e8fc33", + "content-hash": "83c178db3f6e7f578d7120a28f2453ec", "packages": [ { "name": "amphp/amp", @@ -2232,7 +2232,9 @@ "stability-flags": [], "prefer-stable": false, "prefer-lowest": false, - "platform": [], + "platform": { + "php": "^8.3" + }, "platform-dev": [], "plugin-api-version": "2.6.0" } diff --git a/docs/add-new-linter.md b/docs/add-new-linter.md index 3b8e5f33..b1491b51 100644 --- a/docs/add-new-linter.md +++ b/docs/add-new-linter.md @@ -46,6 +46,9 @@ new tool needs in the `PATH`, and the expected version command: ENV PATH="${PATH}:/venvs//bin" ``` + 1. Add the new dependencies to the `pip` group in the DependaBot + configuration file (`.github/dependabot.yaml`). + - If there are npm packages, update `dependencies/package.json` and `dependencies/package-lock.json`. by adding the new packages. - If there are Ruby Gems, update `dependencies/Gemfile` and @@ -73,6 +76,7 @@ new tool needs in the `PATH`, and the expected version command: 3. Update the `dependencies` section in `dependencies//build.gradle` to install your dependencies. + 4. Add the following content to the `Dockerfile`: ```dockerfile @@ -91,15 +95,9 @@ new tool needs in the `PATH`, and the expected version command: )" ``` - 6. Add the new to DependaBot configuration: - - ```yaml - - package-ecosystem: "gradle" - directory: "/dependencies/" - schedule: - interval: "weekly" - open-pull-requests-limit: 10 - ``` + 6. Add the new tool dependencies to the DependaBot configuration in the + `directories` list and in the `java-gradle` group of the `gradle` package + ecosystem. - If there is a container (Docker) image: @@ -116,6 +114,9 @@ new tool needs in the `PATH`, and the expected version command: COPY --from= /usr/local/bin/ /usr/bin/ ``` + 1. Add the new dependency to the `docker` group in the DependaBot + configuration file. + ## Run the new tool - Update the orchestration scripts to run the new tool: