Add a profile for enforcing lightweight dependabot configuration (#260)

* Add a profile for enforcing lightweight dependabot configuration Signed-off-by: Radoslav Dimitrov <[email protected]> * Use selectors to apply this profile to a subset of repos Signed-off-by: Radoslav Dimitrov <[email protected]> --------- Signed-off-by: Radoslav Dimitrov <[email protected]>
mindersec · Jan 10, 2025 · f48b834 · f48b834
1 parent 35907b1
commit f48b834
Showing 1 changed file with 73 additions and 0 deletions.
diff --git a/profiles/github/stacklok-lightweight-dependabot.yaml b/profiles/github/stacklok-lightweight-dependabot.yaml
@@ -0,0 +1,73 @@
+---
+# Stacklok profile
+version: v1
+type: profile
+name: stacklok-lightweight-dependabot
+# The selector is used to select repositories that this profile will be applied to.
+# In this case, we are selecting repositories that are considered low-maintenance.
+selection:
+  - entity: repository
+    selector: >
+      repository.name.startsWith('stacklok/quiver') ||
+      repository.name.startsWith('stacklok/minder-bundle-updater') ||
+      repository.name.startsWith('stacklok/healthcheck-bundle')
+display_name: Stacklok Lightweight Dependabot Profile
+context:
+  provider: github
+alert: "off"
+remediate: "on"
+repository:
+  - type: enforce_file
+    name: "Enforce lightweight Dependabot config for Go projects"
+    def:
+      apply_if_file: go.mod
+      file: ".github/dependabot.yml"
+      content: |
+        version: 2
+        updates:
+          - package-ecosystem: "github-actions"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+          - package-ecosystem: "gomod"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+  - type: enforce_file
+    name: "Enforce lightweight Dependabot config for JavaScript projects"
+    def:
+      apply_if_file: package.json
+      file: ".github/dependabot.yml"
+      content: |
+        version: 2
+        updates:
+          - package-ecosystem: "github-actions"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+          - package-ecosystem: "npm"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+  - type: enforce_file
+    name: "Enforce lightweight Dependabot config for Python projects"
+    def:
+      apply_if_file: requirements.txt
+      file: ".github/dependabot.yml"
+      content: |
+        version: 2
+        updates:
+          - package-ecosystem: "github-actions"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+          - package-ecosystem: "pip"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10