-
Notifications
You must be signed in to change notification settings - Fork 155
Expand file tree
/
Copy pathdependabot.yml.disabled
More file actions
106 lines (96 loc) · 3.68 KB
/
dependabot.yml.disabled
File metadata and controls
106 lines (96 loc) · 3.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
version: 2
registries:
# Dependabot doesn't need to use this, so try to stop it doing so
azure-nuget:
type: nuget-feed
url: https://pkgs.dev.azure.com/datadoghq/dd-trace-dotnet/_packaging/Public_Feed/nuget/v3/index.json
public-nuget:
type: nuget-feed
url: https://api.nuget.org/v3/index.json
updates:
# Mocked projects for vendored dependency notifications
- package-ecosystem: "nuget"
directory: "/tracer/dependabot"
registries: "*"
exclude-paths:
- "integrations"
schedule:
interval: "weekly" # these don't change often
labels:
- "dependencies"
- "area:dependabot"
ignore:
- dependency-name: "MessagePack" # Locked at a version that supports our net452 build target
- dependency-name: "*" # Ignore patches for all integrations
update-types: ["version-update:semver-patch"]
# Mocked projects for integration dependency notifications
- package-ecosystem: "nuget"
directory: "/tracer/dependabot/integrations"
registries: "*"
open-pull-requests-limit: 1
schedule:
interval: "daily"
labels:
- "dependencies"
- "area:dependabot"
# Azure functions explicit testing - we can't include these with our "normal" process checks
# Because they aren't compatible with the dotnet msbuild approach we're using
- package-ecosystem: "nuget"
directory: "/tracer/test/test-applications/azure-functions/Samples.AzureFunctions.V4Isolated"
registries: "*"
schedule:
interval: "daily"
labels:
- "dependencies"
- "area:dependabot"
ignore:
- dependency-name: "*" # Ignore patches for all integrations
update-types: ["version-update:semver-patch"]
# Src libraries
- package-ecosystem: "nuget"
directory: "/tracer/src"
# This is a hacky way to get Dependabot to care primarily about
# - Datadog.Trace
# - Datadog.Trace.OpenTracing
# - Datadog.Trace.BenchmarkDotNet
exclude-paths:
- "Datadog.AutoInstrumentation.Generator/**"
- "Datadog.AzureFunctions/**"
- "Datadog.InstrumentedAssemblyGenerator/**"
- "Datadog.InstrumentedAssemblyVerification/**"
- "Datadog.Trace.Bundle/**"
- "Datadog.Trace.SourceGenerators/**"
- "Datadog.Trace.Tools.Analyzers/**"
- "Datadog.Trace.Tools.Analyzers.CodeFixes/**"
- "Datadog.Trace.Tools.dd_dotnet.SourceGenerators/**"
registries: "*"
schedule:
interval: "daily"
labels:
- "dependencies"
ignore:
### Start Datadog.Trace.csproj ignored dependencies
# DiagnosticSource is kept at the lowest supported version for widest compatibility
- dependency-name: "System.Diagnostics.DiagnosticSource"
# AspNetCore reference libraries are kept at the lowest supported version for compatibility on netstandard2.0
- dependency-name: "Microsoft.AspNetCore.Hosting.Abstractions"
- dependency-name: "Microsoft.AspNetCore.Mvc.Abstractions"
- dependency-name: "Microsoft.AspNetCore.Routing"
# DuckTyping libraries are kept at the lowest supported version for compatibility on netstandard2.0
- dependency-name: "System.Reflection.Emit"
- dependency-name: "System.Reflection.Emit.Lightweight"
### End Datadog.Trace.csproj ignored dependencies
# Lock Microsoft.Build.Framework for widest compatibility when instrumenting builds
- dependency-name: "Microsoft.Build.Framework"
- package-ecosystem: "github-actions"
directories:
- "/"
- "/.github/actions/*"
- "/.github/actions/*/*"
schedule:
interval: "monthly"
groups:
gh-actions-packages:
patterns:
- "*"