Integralist · June 16, 2025 15:16
diff --git a/dependabot.yaml b/dependabot.yaml
 # Example configuration that's quite detailed in its approach.
 # .github/dependabot.yaml

 version: 2
 updates:
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      day: monday
      interval: weekly
      time: "13:00"
    open-pull-requests-limit: 10
    groups:
      version-bumps:
        applies-to: version-updates
        update-types: ["minor", "patch"]

  - package-ecosystem: gomod
    directory: "/"
    schedule:
      interval: weekly
      time: "12:00"
    open-pull-requests-limit: 10
    groups:
      # Always create a separate PR for zonedb updates
      zonedb-only:
        patterns:
          - "github.com/zonedb/zonedb"
      # Create a grouped PR specifically for fastly dependencies.
      fastly-modules:
        applies-to: version-updates
        patterns:
          - "github.com/fastly"
      # Create a grouped PR for all go.mod dependencies that have a minor or
      # patch version updates. All major updates will be separate PRs.
      external-modules:
        applies-to: version-updates
        update-types: ["minor", "patch"]
        exclude-patterns:
          - "github.com/zonedb/zonedb"
          - "github.com/fastly"

  - package-ecosystem: terraform
    # specify directories for dependabot to monitor for updating
    # directories allows the use wildcard and globbing, which is needed because infrastructure contains many layers of subdirectories
    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#directories-or-directory--
    directories:
      - "/infrastructure" # files within the directory
      - "/infrastructure/**/*" # subdirectories
    schedule:
      day: monday
      interval: weekly
      time: "13:00" # 5am Pacific
    open-pull-requests-limit: 10
    groups:
      version-bumps:
        applies-to: version-updates
        update-types: ["minor", "patch"]
	# Example configuration that's quite detailed in its approach.
	# .github/dependabot.yaml

	version: 2
	updates:
	- package-ecosystem: github-actions
	directory: "/"
	schedule:
	day: monday
	interval: weekly
	time: "13:00"
	open-pull-requests-limit: 10
	groups:
	version-bumps:
	applies-to: version-updates
	update-types: ["minor", "patch"]

	- package-ecosystem: gomod
	directory: "/"
	schedule:
	interval: weekly
	time: "12:00"
	open-pull-requests-limit: 10
	groups:
	# Always create a separate PR for zonedb updates
	zonedb-only:
	patterns:
	- "github.com/zonedb/zonedb"
	# Create a grouped PR specifically for fastly dependencies.
	fastly-modules:
	applies-to: version-updates
	patterns:
	- "github.com/fastly"
	# Create a grouped PR for all go.mod dependencies that have a minor or
	# patch version updates. All major updates will be separate PRs.
	external-modules:
	applies-to: version-updates
	update-types: ["minor", "patch"]
	exclude-patterns:
	- "github.com/zonedb/zonedb"
	- "github.com/fastly"

	- package-ecosystem: terraform
	# specify directories for dependabot to monitor for updating
	# directories allows the use wildcard and globbing, which is needed because infrastructure contains many layers of subdirectories
	# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#directories-or-directory--
	directories:
	- "/infrastructure" # files within the directory
	- "/infrastructure/*/" # subdirectories
	schedule:
	day: monday
	interval: weekly
	time: "13:00" # 5am Pacific
	open-pull-requests-limit: 10
	groups:
	version-bumps:
	applies-to: version-updates
	update-types: ["minor", "patch"]