Support dependencies autoupdate 🆙️

[imanushin]

Support a way of automatic dependency updates (add some bot?).

[JamieSlome]

The following should enable Dependabot:

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
updates:
  - package-ecosystem: "" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"

You'll need to find the right value for package-ecosystem and make sure the directory points to where your package manifest sits.

[magner669]

Configuration options for the dependabot.yml file

[JamieSlome]

@jigga - drop a comment on this issue and we can assign to you 👍

[jigga]

I have raised #37 to resolve this issue.

[JamieSlome]

Reopening this issue as we don't currently have Dependabot PRs spinning up for some reason 🤔

[magner669]

@JamieSlome please see https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates.

I have no access to settings , therefore assigning to you.

[magner669]

Thanks @jigga for your valuable contribution!

[JamieSlome]

@magner669 - it is already enabled. Something is failing here.

[magner669]

Yup , looks like it cant open a pull request.

https://github.com/Citi/gradle-helm-plugin/network/updates/814223866

The error is:

POST https://api.github.com/repos/Citi/gradle-helm-plugin/git/refs: 422 - Reference update failed // See: https://docs.github.com/rest/git/refs#create-a-reference

I think, condisering its working trivially on @jigga 's clone this is something to do with the repository settings here.

[JamieSlome]

@magner669 @jigga - I think adding the following to the workflow file will work:

permissions:
  pull-requests: write

[magner669]

How do you explain the file without this chagnge working as is on @jigga 's clone?

[JamieSlome]

@magner669 - figured it out 🎉 Dependabot is unable to create new branches as we have configuration settings which lock down who can create new branches 👍

I will adjust to support this new requirement.

[magner669]

Can we close this ?

[JamieSlome]

@magner669 - yep! 👍

[JamieSlome]

@imanushin @magner669 - please see https://blog.gradle.org/gradle-github-partnership-supply-chain-security