Skip to content

wemake-services/kira-dependencies

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

537 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
Gemfile
Gemfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
update.rb
update.rb
 
 

Repository files navigation

Kira Dependencies Bot

wemake.services kira-family

Gitlab bot to continuously update your dependency versions. Friendly fork of dependabot-script. The main difference is that the script's source is adjusted to work with RSDP process.

Part of the @kira bots family.

Installation

We recommend to copy this project to your Gitlab. And then setup individual CI schedules for each project that you want to enable.

Configuration

Global

This is a global configuration that you should setup inside your CI variables.

  • KIRA_GITLAB_PERSONAL_TOKEN - personal access token for your bot user
  • GITLAB_HOSTNAME - (optional) Gitlab domain name, defaults to gitlab.com
  • KIRA_GITHUB_PERSONAL_TOKEN - Github personal access token to avoid hitting rate limit

Per schedule

This configuration is best to be setup inside CI schedule's environment.

  • PACKAGE_MANAGER_SET - magic variable, package managers to be updated, eg: npm pip docker
  • DEPENDABOT_PROJECT_PATH - project to be updated, eg: wemake-services/kira-dependencies
  • DEPENDABOT_DIRECTORY - directory to look for package file, defaults to /
  • DEPENDABOT_SOURCE_BRANCH - (optional) Source branch for merge requests, defaults to project default branch
  • DEPENDABOT_ASSIGNEE_GITLAB_ID - (optional) Gitlab user id to assign to merge requests
  • DEPENDABOT_GITLAB_APPROVE_MERGE - (optional) setup to true if you want our bot to approve your merge requests
  • DEPENDABOT_GITLAB_AUTO_MERGE - (optional) setup to true if you want to auto merge this request
  • DEPENDABOT_MAX_MERGE_REQUESTS - (optional) setup the number of max openened merge requests you want.
  • DEPENDABOT_EXTRA_CREDENTIALS - (optional) JSON of extra credential config, for example a private registry authentication (For example FontAwesome Pro: [{"type":"npm_registry","token":"<redacted>","registry":"npm.fontawesome.com"}])
  • DEPENDABOT_IGNORED_VERSIONS - (optional) JSON of versions which should be ignored during update. The expected format is {"vendor/package": [">0.1.0", ">0.2.0"]}. It mirrors functionality of ignored_updates in dependabot.

Per package manager

  • DEPENDABOT_UPDATE_STRATEGY - (optional) change how each package manager updates your dependency versions, see list of allowed values here
  • DEPENDABOT_EXCLUDE_REQUIREMENTS_TO_UNLOCK - (optional) exclude certain dependency updates requirements for each package manager, see list of allowed values here. Useful if you have lots of dependencies and the update script too slow. Example: own all to only use the none version requirement
  • KIRA_FAIL_ON_EXCEPTION - (optional) setup to true if you want the job to fail if an exception occurs

About

🐿 Kira's micro-bot to update project dependencies

dependabot.com

Topics

bot gitlab gitlab-ci rsdp dependabot wemake-services gitlab-bot kira-bot

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

103 stars

Watchers

4 watching

Forks

18 forks
Report repository

Releases

No releases published

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 19

+ 5 contributors

Languages