From 31edaf632f32109ac97f2e677d9b6c129040e50b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=98=D0=BB=D1=8C=D1=8F=20=D0=9B=D1=8F=D1=89=D1=83=D0=BA?= <40496434+prog-time@users.noreply.github.com>
Date: Thu, 23 Apr 2026 09:52:39 +0300
Subject: [PATCH 1/3] issues-19|add Dependabot config template
---
dependabot/dependabot.yml | 58 +++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 dependabot/dependabot.yml
diff --git a/dependabot/dependabot.yml b/dependabot/dependabot.yml
new file mode 100644
index 0000000..109e6fd
--- /dev/null
+++ b/dependabot/dependabot.yml
@@ -0,0 +1,58 @@
+version: 2
+
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "ci(deps)"
+
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "chore(deps)"
+
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "chore(deps)"
+
+ - package-ecosystem: "bundler"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "chore(deps)"
+
+ - package-ecosystem: "composer"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "chore(deps)"
+
+ - package-ecosystem: "cargo"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "chore(deps)"
+
+ - package-ecosystem: "gomod"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "chore(deps)"
From 974ef4c0612e539ed9c59948acca607078344068 Mon Sep 17 00:00:00 2001
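Review bot: All seven `updates` entries point at `directory: "/"`, and the file carries no comment telling the adopter to prune it. A repository that copies it verbatim will, as far as I know, get Dependabot runs that report missing-manifest errors for every ecosystem it does not use, which buries real failures in the update log. I would add a header comment such as `# Template: delete the entries for ecosystems this repository does not use, and fix "directory" for the rest`. Since the template is meant as a supply-chain control, it is also worth noting in a comment that version updates propose a release as soon as it is published; a per-entry `cooldown` block with `default-days` delays that for teams that want newly published releases to age before adoption.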
From: =?UTF-8?q?=D0=98=D0=BB=D1=8C=D1=8F=20=D0=9B=D1=8F=D1=89=D1=83=D0=BA?= <40496434+prog-time@users.noreply.github.com>
Date: Thu, 23 Apr 2026 09:52:56 +0300
Subject: [PATCH 2/3] issues-19|add BATS tests for Dependabot template
---
tests/dependabot/dependabot.bats | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 tests/dependabot/dependabot.bats
diff --git a/tests/dependabot/dependabot.bats b/tests/dependabot/dependabot.bats
new file mode 100644
index 0000000..1202877
--- /dev/null
+++ b/tests/dependabot/dependabot.bats
@@ -0,0 +1,28 @@
+#!/usr/bin/env bats
+
+TEMPLATE="$BATS_TEST_DIRNAME/../../dependabot/dependabot.yml"
+
+@test "file parses as valid YAML" {
+ run yamllint "$TEMPLATE"
+ [ "$status" -eq 0 ]
+}
+
+@test "version is 2" {
+ grep -q "^version: 2$" "$TEMPLATE"
+}
+
+@test "all required ecosystems are present" {
+ grep -q "package-ecosystem: \"github-actions\"" "$TEMPLATE"
+ grep -q "package-ecosystem: \"npm\"" "$TEMPLATE"
+ grep -q "package-ecosystem: \"pip\"" "$TEMPLATE"
+ grep -q "package-ecosystem: \"bundler\"" "$TEMPLATE"
+ grep -q "package-ecosystem: \"composer\"" "$TEMPLATE"
+ grep -q "package-ecosystem: \"cargo\"" "$TEMPLATE"
+ grep -q "package-ecosystem: \"gomod\"" "$TEMPLATE"
+}
+
+@test "every entry has schedule.interval set" {
+ ecosystem_count=$(grep -c "package-ecosystem:" "$TEMPLATE")
+ interval_count=$(grep -c "interval:" "$TEMPLATE")
+ [ "$interval_count" -eq "$ecosystem_count" ]
+}
From f75989a5fed513f44f6e81615cf3c177f53a5a44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=98=D0=BB=D1=8C=D1=8F=20=D0=9B=D1=8F=D1=89=D1=83=D0=BA?= <40496434+prog-time@users.noreply.github.com>
Date: Thu, 23 Apr 2026 09:53:07 +0300
Subject: [PATCH 3/3] issues-19|document Dependabot template in README
---
README.md | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/README.md b/README.md
index 1c3f8e8..8a3c2c9 100644
--- a/README.md
+++ b/README.md
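Review bot: The last test, "every entry has schedule.interval set", only compares two file-wide `grep -c` totals, so it still passes when one entry carries two `interval:` lines and another has none. Both patterns are unanchored, so a commented-out entry or any other key containing `interval:` is counted as well. Anchoring them, `grep -c '^ *- package-ecosystem:'` and `grep -c '^ *interval:'`, removes the comment case; a per-entry check through a YAML parser would be needed to actually prove what the test name claims. The first test depends on `yamllint` being installed on the runner, and a missing binary shows up as a plain status mismatch; a short comment above it naming that prerequisite would help.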
@@ -172,9 +172,14 @@ Workflows/ │ │ ├── cargo_test.bats │ │ ├── jest.bats │ │ └── xcodebuild_test.bats +│ ├── dependabot/ +│ │ └── dependabot.bats # validates the Dependabot template │ └── helpers/ │ └── common.bash # shared test utilities (mocks, temp dirs) │ +├── dependabot/ +│ └── dependabot.yml # Dependabot config template (copy to .github/) +│ └── rules/ # living documentation for contributors ├── README.md ├── _meta/how-to-write-rules.md @@ -323,6 +328,31 @@ jobs: --- +## Dependabot template + +`dependabot/dependabot.yml` is a ready-to-copy [Dependabot](https://docs.github.com/en/code-security/dependabot) +configuration template. Unlike the CI snippets in `CI/`, this file is not a GitHub Actions job — it is a +repository-level configuration that GitHub reads natively from `.github/dependabot.yml`. + +**This artefact does not follow the three-layer pattern** (`shell → source YAML → assembled YAML`). There is +no shell script or assembler step. Copy the file directly into your project's `.github/` directory. + +### Usage + +```bash +cp dependabot/dependabot.yml /.github/dependabot.yml +``` + +The template enables weekly automated dependency-update PRs for seven ecosystems: +`github-actions`, `npm`, `pip`, `bundler`, `composer`, `cargo`, and `gomod`. +Each entry uses `open-pull-requests-limit: 5` and a stable `commit-message` prefix so the +resulting PRs are easy to filter and review. + +Adjust the `directory` field per entry if your dependency manifests live in a subdirectory +rather than the repository root. + +--- + ## Shell script conventions Every script in `scripts/shell/` follows the same patterns defined in `rules/process/ci-cd.md`: