Add Update dependabot.yml Workflow

Closes gh-14486
2 years ago · 5f31c6a939
2 changed files with 76 additions and 0 deletions
--- a/.github/dependabot.template.yml
+++ b/.github/dependabot.template.yml
@ -0,0 +1,39 @@
				@@ -0,0 +1,39 @@
+version: 2
+
+registries:
+  spring-milestones:
+    type: maven-repository
+    url: https://repo.spring.io/milestone
+
+updates:
+
+  - package-ecosystem: "gradle"
+    target-branch: "main"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "03:00"
+      timezone: "Etc/UTC"
+    labels: [ "type: dependency-upgrade" ]
+    registries:
+      - "spring-milestones"
+    ignore:
+      - dependency-name: "com.nimbusds:nimbus-jose-jwt" # nimbus-jose-jwt gets updated when oauth2-oidc-sdk is updated to ensure consistency
+      - dependency-name: "org.python:jython" # jython updates break integration tests
+      - dependency-name: "org.apache.directory.server:*" # ApacheDS version > 1.5.5 contains break changes
+      - dependency-name: "org.junit:junit-bom"
+        update-types: [ "version-update:semver-major" ]
+      - dependency-name: "org.mockito:mockito-bom"
+        update-types: [ "version-update:semver-major" ]
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
+
+  #    GitHub Actions
+
+  - package-ecosystem: github-actions
+    target-branch: "main"
+    directory: "/"
+    schedule:
+      interval: weekly
+    ignore:
+      - dependency-name: "sjohnr/*"
--- a/.github/workflows/update-dependabot.yml
+++ b/.github/workflows/update-dependabot.yml
@ -0,0 +1,37 @@
				@@ -0,0 +1,37 @@
+name: Update dependabot.yml
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *' # Once per day at midnight UTC
+
+permissions:
+  contents: read
+
+jobs:
+
+  get-supported-branches:
+    uses: spring-io/spring-security-release-tools/.github/workflows/retrieve-spring-supported-versions.yml@d615a5694c761901330655fdd0e3721dc4ccf0fe
+    with:
+      project: spring-security
+      type: oss
+
+  main:
+    runs-on: ubuntu-latest
+    needs: [get-supported-branches]
+    if: ${{ (github.repository == 'spring-projects/spring-security') && (github.ref == 'refs/heads/main') }}
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - uses: marcusdacoregio/generate-dependabot-yml@380cfc736e153864e970429ea6a640ce46953a17
+        name: Update dependabot.yml
+        with:
+          gradle-branches: ${{ needs.get-supported-branches.outputs.supported_versions }},main
+          github-actions-branches: ${{ needs.get-supported-branches.outputs.supported_versions }},main,docs-build
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: Update dependabot.yml