xevion/Pac-Man
1
0
Fork 0
mirror of https://github.com/Xevion/Pac-Man.git synced 2025-12-06 01:15:42 -06:00
Code Issues Packages Projects Releases Wiki Activity

chore(deps): reconfigure Dependabot with granular update groups

Browse Source 
Replaced monolithic dependency grouping with 13 separate update groups
across Cargo (game/server), npm (frontend), and GitHub Actions ecosystems.

Key improvements:
- Separate patch/minor/major updates to prevent breaking changes from
  blocking safe updates
- Group by crate (game vs server) for easier review
- Enable auto-merge for patch updates via labels
- Weekly checks with 5 PR limit to avoid spam
- Ignore bevy_ecs 0.17+ and jsonwebtoken 10+ until manual migration

Closed PR #10 (22 jumbled updates causing build failures).
This commit is contained in:
Ryan Walters
2025-11-22 21:53:02 -06:00
parent 3e08720b43
commit a98ad23348
1 changed files with 213 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

219
.github/dependabot.yml vendored
View File

@@ -1,20 +1,227 @@
# Dependabot Configuration
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
#
# Strategy:
# - Weekly checks for faster vulnerability detection
# - Separate patch/minor/major updates to prevent blocking
# - Group by crate (game vs server) for easier review
# - Auto-merge patches via GitHub branch protection rules
# - Limit concurrent PRs to avoid spam
version: 2
updates:
# Game: Patch updates (auto-mergeable)
- package-ecosystem: "cargo"
directory: "/"
directory: "/pacman"
schedule:
interval: "monthly"
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
dependencies:
game-patches:
applies-to: "version-updates"
update-types:
- "patch"
ignore:
# Bevy ECS 0.17+ requires API migration - ignore until manual update
- dependency-name: "bevy_ecs"
versions: ["0.17.x", "0.18.x", "0.19.x"]
labels:
- "dependencies"
- "dependencies:patch"
- "game"
# Game: Minor updates (grouped, manual review)
- package-ecosystem: "cargo"
directory: "/pacman"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
game-minor:
applies-to: "version-updates"
update-types:
- "minor"
ignore:
- dependency-name: "bevy_ecs"
versions: ["0.17.x", "0.18.x", "0.19.x"]
labels:
- "dependencies"
- "dependencies:minor"
- "game"
# Game: Major updates (separate PRs, manual review)
- package-ecosystem: "cargo"
directory: "/pacman"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
game-major:
applies-to: "version-updates"
update-types:
- "major"
ignore:
- dependency-name: "bevy_ecs"
versions: ["0.17.x", "0.18.x", "0.19.x"]
labels:
- "dependencies"
- "dependencies:major"
- "game"
# Server: Patch updates (auto-mergeable)
- package-ecosystem: "cargo"
directory: "/pacman-server"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
server-patches:
applies-to: "version-updates"
update-types:
- "patch"
ignore:
# jsonwebtoken 10+ requires crypto backend feature flag - ignore until manual migration
- dependency-name: "jsonwebtoken"
versions: ["10.x", "11.x"]
labels:
- "dependencies"
- "dependencies:patch"
- "server"
# Server: Minor updates (grouped, manual review)
- package-ecosystem: "cargo"
directory: "/pacman-server"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
server-minor:
applies-to: "version-updates"
update-types:
- "minor"
ignore:
- dependency-name: "jsonwebtoken"
versions: ["10.x", "11.x"]
labels:
- "dependencies"
- "dependencies:minor"
- "server"
# Server: Major updates (separate PRs, manual review)
- package-ecosystem: "cargo"
directory: "/pacman-server"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
server-major:
applies-to: "version-updates"
update-types:
- "major"
ignore:
- dependency-name: "jsonwebtoken"
versions: ["10.x", "11.x"]
labels:
- "dependencies"
- "dependencies:major"
- "server"
# Frontend: Patch updates (auto-mergeable)
- package-ecosystem: "npm"
directory: "/web"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
frontend-patches:
applies-to: "version-updates"
update-types:
- "patch"
labels:
- "dependencies"
- "dependencies:patch"
- "frontend"
# Frontend: Minor updates (grouped, manual review)
- package-ecosystem: "npm"
directory: "/web"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
frontend-minor:
applies-to: "version-updates"
update-types:
- "minor"
labels:
- "dependencies"
- "dependencies:minor"
- "frontend"
# Frontend: Major updates (separate PRs for critical deps)
- package-ecosystem: "npm"
directory: "/web"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
frontend-major-framework:
applies-to: "version-updates"
update-types:
- "major"
patterns:
- "*"
- "react"
- "react-dom"
- "vike"
- "vite"
labels:
- "dependencies"
- "dependencies:major"
- "frontend"
- "framework"
# Frontend: Other major updates (grouped)
- package-ecosystem: "npm"
directory: "/web"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
frontend-major-other:
applies-to: "version-updates"
update-types:
- "major"
exclude-patterns:
- "react"
- "react-dom"
- "vike"
- "vite"
labels:
- "dependencies"
- "dependencies:major"
- "frontend"
# GitHub Actions: All updates grouped (low risk)
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
groups:
dependencies:
github-actions:
patterns:
- "*"
labels:
- "dependencies"
- "github-actions"