Add/Update Dependabot configuration files to/in select GitHub repos used by our team(s)

[WadeBarnes]

Add or update Dependabot Configuration files to/in select repositories to better automate updates and dependency management of the associated code.

By default, Dependabot scans repositories containing dependency lock files for updates to address vulnerabilities. This behavior can be extended to include scanning code within a repository for updated versions. We've started using this feature for maintaining the dependencies for GitHub actions across several BCGov, Hyperledger, and Open Wallet Foundation repos, and we'd like to expand that to the rest of the code base(s).

Approach:

1. Determine which repositories should be considered in scope for this task. Repositories from the bcgov, hyperledger, and openwallet-foundation should be considered. Discuss with the DITP team members and the community members activity working on the code within these various organizations to compile a list of candidate repositories.
2. Determine the most appropriate Dependabot configuration settings for each repository. Settings are expected to vary from repository to repository based on the associated code base. Discuss with the DITP team and the community members who are actively contributing and maintaining code within the identified repositories to determine the most appropriate settings.
3. Draft PRs for each selected repository, complete with the Dependabot configuration settings designed for each repository.

Acceptance Criteria:

1. Acceptance criteria may vary depending on the repository and the community maintaining it. Acceptance will ultimately be decided by maintainer review and approval of the submitted PR. However, in general is expected to be based on a complete, functional, and easily maintainable Dependabot configuration file containing settings appropriately configured for the given repository.

[rajpalc7]

Hi @WadeBarnes , Please let me know if I am missing any other repositories that will require dependabot configuration files than the ones mentioned below:

https://github.com/search?q=topic%3Adts+org%3Abcgov+fork%3Atrue&type=repositories

https://github.com/search?q=topic%3Aaca-py+org%3Ahyperledger+fork%3Atrue&type=repositories

https://github.com/search?q=topic%3Aindy+org%3Aopenwallet-foundation+fork%3Atrue&type=repositories

https://github.com/search?q=topic%3Aaries+org%3Aopenwallet-foundation+fork%3Atrue&type=repositories

[WadeBarnes]

Thanks @rajpalc7. The following queries provide a more complete list of the candidate repositories in each of the Organizations:

• BC Gov
• Hyperledger
• OpenWallet Foundation

[rajpalc7]

Thanks @WadeBarnes I noticed some of the repositories already have dependabot.yml in it. If we are planning to update it, how would you like the new update to look like ?

[WadeBarnes]

Thanks @WadeBarnes I noticed some of the repositories already have dependabot.yml in it. If we are planning to upgrade the, how would you like the new upgrade to look like ?

Add or update Dependabot Configuration files. That's what the ticket asks for.

What, if anything, needs to be added or updated depends on the repository, the code it contains, and how well the exiting configuration manages the code within that repository. So without a specific example, I can't really answer that question.

A general example:

• Repository contains GitHub Actions and Python code.
• Existing Dependabot Configuration file only contains configuration to manage dependencies on GitHub Actions.
• Expected Action: Update the Dependabot Configuration file to also manage the dependencies for the Python code.

[rajpalc7]

`BC Gov Repositories:

• [x] https://github.com/bcgov/von-network
• [x] https://github.com/bcgov/traction-tenant-traceability-controller
• [x] https://github.com/bcgov/vc-authn-oidc
• [x] https://github.com/bcgov/aries-vcr - python
• [x] https://github.com/bcgov/issuer-kit
• [x] https://github.com/bcgov/traction - python
• [x] https://github.com/bcgov/did-auth-extension (skipping this repository as its dormant )
• [x] https://github.com/bcgov/aries-vcr-issuer-controller - python
• [x] https://github.com/bcgov/bc-wallet-mobile
• [x] https://github.com/bcgov/BC-Wallet-Demo
• [x] https://github.com/bcgov/indy-tails-server
• [x] https://github.com/bcgov/aries-oca-bundles
• [x] https://github.com/bcgov/aries-cloudagent-container - python
• [x] https://github.com/bcgov/http-did-auth-proxy (skipping this repository as its dormant )
• [x] https://github.com/bcgov/essential-services-delivery (this repository doesn't have any dependencies)
• [x] https://github.com/bcgov/orgbook-bc-client
• [x] https://github.com/bcgov/bc-vcpedia
• [x] https://github.com/bcgov/orgbook-bc-api-docs
• [x] https://github.com/bcgov/aries-bifold-template
• [x] https://github.com/bcgov/trust-over-ip-configurations
• [x] https://github.com/bcgov/openshift-aries-mediator-service - python
• [x] https://github.com/bcgov/von-bc-registries-agent - python
• [x] https://github.com/bcgov/orgbook-configurations - (this project doesnt have any dependencies)
• [x] https://github.com/bcgov/DITP-DevOps - (this project doesnt have any dependencies)
• [x] https://github.com/bcgov/b2b-credential-manager (this project will be archived)
• [x] https://github.com/bcgov/trustdidweb
• [x] https://github.com/bcgov/trustdidweb-ts
• [x] https://github.com/bcgov/vc-visual-verifier - python
• [x] https://github.com/bcgov/aries-vcr-client
• [x] https://github.com/bcgov/DITP
• [x] https://github.com/bcgov/dts-backup-configurations
• [x] https://github.com/bcgov/von-bc-registries-audit - python
• [x] https://github.com/bcgov/orgbook-on-client ( repo will be archived in the future)
• [x] https://github.com/bcgov/lcrb-dav - python
• [x] https://github.com/bcgov/BC-Wallet-Demo-Configurations
• [x] https://github.com/bcgov/dts-endorser-service (this repository doesn't have any dependencies)
• [x] https://github.com/bcgov/aries-load-generator (this repository doesn't have any dependencies)
• [x] https://github.com/bcgov/mobile-attestation-vc-controller - python
• [x] https://github.com/bcgov/von-bc-registries-agent-configurations (this repository doesn't have any dependencies)

[rajpalc7]

HYPERLEDGER:

• [x] https://github.com/hyperledger/indy-node - python
• [x] https://github.com/hyperledger/aries-cloudagent-python
• [x] https://github.com/hyperledger/aries-rfcs - python
• [x] https://github.com/hyperledger/indy-plenum - python
• [x] https://github.com/hyperledger/aries-vcx
• [x] https://github.com/hyperledger/indy-hipe - python
• [x] https://github.com/hyperledger/aries-agent-test-harness
• [x] https://github.com/hyperledger/aries-askar - python
• [x] https://github.com/hyperledger/indy-vdr - python
• [x] https://github.com/hyperledger/aries-acapy-controllers
• [x] https://github.com/hyperledger/aries-mediator-service - python
• [x] https://github.com/hyperledger/anoncreds-v2-rs
• [x] https://github.com/hyperledger/indy-node-container - python
• [x] https://github.com/hyperledger/indy-shared-rs - python
• [x] https://github.com/hyperledger/indy-besu - python
• [x] https://github.com/hyperledger/indy-node-monitor - python
• [x] https://github.com/hyperledger/indy-test-automation - python
• [x] https://github.com/hyperledger/aries-socketdock - python
• [x] https://github.com/hyperledger/aries-acapy-tools - python
• [x] https://github.com/hyperledger/anoncreds-clsignatures-rs -
• [x] https://github.com/hyperledger/aries-endorser-service - python
• [x] https://github.com/hyperledger/aries-acapy-plugins - python
• [x] https://github.com/hyperledger/aries-bbssignatures-rs
• [x] https://github.com/hyperledger/aries-acapy-docs
• [x] https://github.com/hyperledger/aries-akrida - python
• [x] https://github.com/hyperledger/indy-cli-rs
• [x] https://github.com/hyperledger/indy-shared-gha
• [x] https://github.com/hyperledger/indy-did-method
• [x] https://github.com/hyperledger/indy-blssignatures-rs

OPENWALLET:

• [x] https://github.com/openwallet-foundation/credo-ts
• [x] https://github.com/openwallet-foundation/bifold-wallet
• [x] https://github.com/openwallet-foundation/credo-ts-ext
• [x] https://github.com/openwallet-foundation/credo-ts-docs
• [x] https://github.com/openwallet-foundation/mobile-wallet-test-harness - PYTHON

[WadeBarnes]

Based on developer feedback we've determined from filtering of the version update recommendations is required to minimize PR "noise". Refer to https://github.com/bcgov/vc-authn-oidc/issues/465 for an example.

[WadeBarnes]

Top 5 list of repositories to work on is being maintained here; https://github.com/bcgov/DITP-DevOps/issues/174#issuecomment-2026007556

[WadeBarnes]

@rajpalc7, please check off the repositories in the lists above as you complete the tasks and the PRs are successfully merged.

[WadeBarnes]

@rajpalc7, As we move forward please focus on and complete the work in the BC Gov repositories first. When you complete that check in with @cvarjao and I on how to proceed with the Hyperledger and Open Wallet Foundation repositories.