github / evergreen

GitHub Action to enable automated security updates and open an issue/PR in repos in an org that have dependency files but no dependabot.yaml file
https://github.blog/2024-01-25-do-you-know-if-all-your-repositories-have-up-to-date-dependencies/
MIT License
176 stars 16 forks

Make the interval schedule in dependabot.yml configurable #217

Closed hkadakia closed 3 weeks ago

hkadakia commented 1 month ago

Is your feature request related to a problem?

Currently, when a new dependabot.yml file is created, it defaults to running weekly. There could be a need for users to run it more frequently. Having a way to specify that as part of an environment variable could be helpful. The default can remain weekly if not specified.

Describe the solution you'd like

Introduce a new environment variable for making the schedule configurable. This would give flexibility to the user to select the frequency at which dependabot should look for new packages and dependencies.

Describe alternatives you've considered

Merge the pull request created by dependabot and then create a new pull request to modify the schedule to the frequency the user wants. This is a current workaround, but having a way for users to specify that at the org level can help them avoid the additional step of creating a new pull request across multiple repos in their orgs.

Additional context

No response

hkadakia commented 3 weeks ago

With this change, is it possible to specify a different schedule for different ecosystems? For example, I would like security patches to be run weekly, but any non-security issues can be run monthly. Do you want me to create a new issue for this request, if at all?
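
An added example, not code from evergreen or from this thread: one way an action could take the requested interval from an environment variable, keep weekly as the default, and allow a per-ecosystem override as the follow-up asks. The variable names `SCHEDULE_INTERVAL` and `SCHEDULE_INTERVAL_<ECOSYSTEM>` and both function names are hypothetical, and the allowlist covers only the daily, weekly and monthly intervals.

```python
import os

# Subset of the values Dependabot accepts under `schedule.interval`.
ALLOWED_INTERVALS = ("daily", "weekly", "monthly")
DEFAULT_INTERVAL = "weekly"  # the default the issue asks to keep


def resolve_interval(env, ecosystem=None):
    """Pick the interval for one ecosystem from hypothetical env variables.

    SCHEDULE_INTERVAL sets the org-wide value; SCHEDULE_INTERVAL_<ECOSYSTEM>
    overrides it for one ecosystem. Both names are assumptions of this example.
    """
    keys = ["SCHEDULE_INTERVAL"]
    if ecosystem:
        keys.insert(0, "SCHEDULE_INTERVAL_" + ecosystem.upper().replace("-", "_"))
    for key in keys:
        raw = env.get(key, "").strip().lower()
        if not raw:
            continue  # unset or empty: fall through to the next source
        # Allowlist check: the value ends up in a file committed to many
        # repos, so anything outside the known set is rejected, not passed on.
        if raw not in ALLOWED_INTERVALS:
            raise ValueError(f"{key}={raw!r} is not one of {ALLOWED_INTERVALS}")
        return raw
    return DEFAULT_INTERVAL


def render_dependabot_yml(ecosystems, env=None):
    """Render a dependabot.yml body with a validated interval per ecosystem."""
    env = os.environ if env is None else env
    lines = ["version: 2", "updates:"]
    for eco in ecosystems:
        lines += [
            f'  - package-ecosystem: "{eco}"',
            '    directory: "/"',
            "    schedule:",
            f'      interval: "{resolve_interval(env, eco)}"',
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input: org default daily, GitHub Actions monthly.
    sample_env = {"SCHEDULE_INTERVAL": "daily",
                  "SCHEDULE_INTERVAL_GITHUB_ACTIONS": "monthly"}
    print(render_dependabot_yml(["pip", "github-actions"], sample_env))
```

Rejecting unknown values before rendering keeps a mistyped or multi-line variable from being written into every generated pull request.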