From 1facabefd28bda3004d25e0447b324df935dcc66 Mon Sep 17 00:00:00 2001 From: Chris C Date: Thu, 20 Nov 2025 21:39:33 -0700 Subject: [PATCH 1/2] Configure Dependabot for pip package updates Create a dependabot config. It is the basic config suggested by GitHub. --- .github/dependabot.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..5870d412 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" From 1ad7ce1f1b23afaa0237ec7bbba7ea0ce9c7cf95 Mon Sep 17 00:00:00 2001 From: Chris C Date: Thu, 20 Nov 2025 21:47:13 -0700 Subject: [PATCH 2/2] Add GitHub Actions to the dependabot config --- .github/dependabot.yml | 7 ++++--- AGENTS.md | 34 ++++++++++++++++++++++++++++++++++ README.md | 10 ++++++++++ 3 files changed, 48 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5870d412..645c171a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,9 +1,10 @@ -# Please see the documentation for all configuration options: -# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file - version: 2 updates: - package-ecosystem: "pip" directory: "/" schedule: interval: "weekly" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/AGENTS.md b/AGENTS.md index f9a733dd..0f3fdf83 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -29,6 +29,7 @@ This is the **Weekly Dev Chat** website, a static site built with MkDocs Materia ├── create_post.sh # Bash script to create new blog posts ├── create_post.ps1 # PowerShell script to create new blog posts ├── .github/ +│ ├── dependabot.yml # Dependabot dependency updates │ └── workflows/ │ └── ci.yml # GitHub Actions deployment workflow └── docs/ # All site content @@ -206,6 +207,39 @@ Not typically needed due to automated workflow, but can be done: mkdocs gh-deploy --force ``` +## Dependency Management + +### Dependabot + +Dependabot is configured in `.github/dependabot.yml` to automatically keep dependencies up to date: + +- **Python packages** (`requirements.txt`): Checked weekly for updates to mkdocs-material +- **GitHub Actions**: Checked weekly for updates to workflow actions (checkout, setup-python, cache) + +When updates are available, Dependabot automatically creates pull requests with: +- Version bump details +- Changelog information +- Compatibility notes + +**Configuration**: +```yaml +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" +``` + +**Review Process**: Review and merge Dependabot PRs after verifying: +1. CI/CD workflow passes +2. Local testing confirms no breaking changes +3. Release notes indicate compatibility + ## Git Ignore Patterns The following are ignored: diff --git a/README.md b/README.md index 15e4fb13..9e74f04b 100644 --- a/README.md +++ b/README.md @@ -112,6 +112,7 @@ These scripts will: ├── create_post.sh # Bash script to create blog posts ├── create_post.ps1 # PowerShell script to create blog posts ├── .github/ +│ ├── dependabot.yml # Dependabot configuration │ └── workflows/ │ └── ci.yml # GitHub Actions deployment └── docs/ # All site content @@ -164,6 +165,15 @@ While not typically needed, you can manually deploy: ```bash mkdocs gh-deploy --force ``` + +## Dependency Management + +The project uses **Dependabot** to automatically keep dependencies up to date. Dependabot is configured to check weekly for: +- Python package updates (mkdocs-material) +- GitHub Actions updates + +When updates are available, Dependabot creates pull requests automatically. Review and merge these PRs after verifying the CI workflow passes. + ## Resources - [MkDocs Documentation](https://www.mkdocs.org)