Open dengliming opened 4 years ago
Hi there @dengliming , I was checking the main differences among them and I see that for js/ts based projects they are +- the same correct? WDYT @gkorland ? I see benefits on moving towards dependabot if we apply it across the entire python/go/js,etc.... clients.
# Basic set up for three package managers
version: 2
updates:
# Maintain dependencies for GitHub Actions ( to keep our actions up to date )
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
# Maintain dependencies for js/ts
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
# Maintain dependencies for go
- package-ecosystem: "go:modules"
directory: "/"
schedule:
interval: "daily"
# Maintain dependencies for python
- package-ecosystem: "python"
directory: "/"
schedule:
interval: "daily"
# Maintain dependencies for dotnet
- package-ecosystem: "dotnet:nuget"
directory: "/"
schedule:
interval: "daily"
# Maintain dependencies for java
- package-ecosystem: "java:maven"
directory: "/"
schedule:
interval: "daily"
@filipecosta90 Thanks for quick reply. Just a suggestion. They both good. like travis ci
and github workflow actions
. I recommend doing this because you can configure it directly on Github. Snyk can only be logged to the https://snyk.io/
to be configured.(Not sure).
See: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates