dependabot: only do security updates (#457)

google-github-actions · Jul 11, 2023 · 12f1942 · 12f1942
1 parent e62f655
commit 12f1942
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 21 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,24 +1,10 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    commit-message:
-      prefix: "chore(deps): "
-    rebase-strategy: "disabled"
+  - package-ecosystem: 'npm'
+    directory: '/'
+    rebase-strategy: 'disabled'
     schedule:
-      interval: "daily"
-    ignore:
-      - dependency-name: "*"
-        update-types: ["version-update:semver-patch", "version-update:semver-minor"] # Security updates are unaffected by this setting
-
-  - package-ecosystem: "npm"
-    directory: "/example-app"
+      interval: 'daily'
     commit-message:
-      prefix: "chore(deps): "
-    schedule:
-      interval: "monthly"
+      prefix: 'security: '
+    open-pull-requests-limit: 0 # only check security updates
diff --git a/tests/e2e.test.ts b/tests/e2e.test.ts
@@ -160,7 +160,7 @@ describe('E2E tests', function () {
     if (LABELS && service) {
       const expected = JSON.parse(LABELS);
       const actual = service?.spec?.template?.metadata?.labels;
-      expect(actual).to.deep.eq(expected);
+      expect(actual).to.deep.include(expected);
     }
   });