Merge pull request #302 from jsafrane/add-dependabot-security

Update dependabot.yaml for security updates
kubernetes-csi · Jun 15, 2023 · ad6fdf4 · ad6fdf4
2 parents c9200e1 + a68bc84
commit ad6fdf4
Showing 1 changed file with 40 additions and 3 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -1,5 +1,15 @@
 version: 2
 updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+      interval: "daily"
+  labels:
+    - "area/dependency"
+    - "release-note-none"
+    - "ok-to-test"
+  open-pull-requests-limit: 10
+
 - package-ecosystem: gomod
   directory: "/"
   schedule:
@@ -9,12 +19,39 @@ updates:
     - "release-note-none"
     - "ok-to-test"
   open-pull-requests-limit: 10
-- package-ecosystem: "github-actions"
+
+# The list below needs to be maintained manually with every branch we support.
+# It allows dependabot to open security-only updates in supported branches.
+# ("open-pull-requests-limit: 0" blocks non-security updates)
+- package-ecosystem: gomod
+  open-pull-requests-limit: 0
+  target-branch: "release-2.6"
   directory: "/"
   schedule:
-      interval: "daily"
+    interval: daily
+  labels:
+    - "area/dependency"
+    - "release-note-none"
+    - "ok-to-test"
+
+- package-ecosystem: gomod
+  open-pull-requests-limit: 0
+  target-branch: "release-2.7"
+  directory: "/"
+  schedule:
+    interval: daily
+  labels:
+    - "area/dependency"
+    - "release-note-none"
+    - "ok-to-test"
+
+- package-ecosystem: gomod
+  open-pull-requests-limit: 0
+  target-branch: "release-2.8"
+  directory: "/"
+  schedule:
+    interval: daily
   labels:
     - "area/dependency"
     - "release-note-none"
     - "ok-to-test"
-  open-pull-requests-limit: 10