Update dependabot configuration #2344
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We are trying to achieve two things: * Make it possible for dependabot to upgrade the containers automatically * Collect the image and version of the containers we use for testing in one place Note that the test suite will still create and start the containers programmatically, but it will read the first FROM line in each Dockerfile to extract the image and version to use. It will ignore everything else. My initial plan was to configure each container using the Dockerfile directly, but I prefer to reuse the exsisting Testcontainers classes for each database (for example, PostgreSQLContainer) because they contain out-of-the-box configuration that I would need to copy somewhere else. In any case, this is a good starting point and we can improve it later.
Includes: * Update project dependencies * Update images in Dockerfile files under tooling/docker/ * Update images we use as services in the GitHub workflow (mysql and postgres to test the examples)
marko-bekhta
approved these changes
Jul 11, 2025
| @@ -14,5 +14,49 @@ updates: | |||
| patterns: | |||
| - "*" | |||
| allow: | |||
| - dependency-name: "actions/*" | |||
| - dependency-name: "redhat-actions/*" | |||
| - dependency-type: all | |||
There was a problem hiding this comment.
it's probably fine to include all actions to check for the updates since we currently only have the official actions/ and the codeql actions used in the workflows...
For the background, why it was originally limited: the idea was to only allow updates for the explicitly defined trusted sources of actions. So I'll let you decide how you'd like to define that 😃, maybe just
Suggested change
| - dependency-type: all | |
| - dependency-name: "actions/*" | |
| - dependency-name: "github/codeql-action/*" |
?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix #1136
Built on top of #2341
Includes:
postgres to test the examples)
@marko-bekhta, could you have a look at the dependabot configuration in this commit and let me know if it makes sense?