| CARVIEW |
Configuring Dependabot for a Python project
GitHub's Dependabot can automatically file PRs with bumps to dependencies when new versions of them are available.
In June 2023 they added support for Grouped version updates, so one PR will be filed that updates multiple dependencies at the same time.
The Dependabot setup instructions don't explicitly mention projects which keep all of their dependency information in setup.py.
It works just fine with those kinds of projects too.
To start it working, create a file in .github/dependabot.yml with the following contents:
version: 2
updates:
- package-ecosystem: pip
directory: "/"
schedule:
interval: daily
time: "13:00"
groups:
python-packages:
patterns:
- "*"Then navigate to https://github.com/simonw/s3-credentials/network/updates (but for your project) - that's Insights -> Dependency graph -> Dependabot - to confirm that it worked.
This should work for projects that use setup.py or pyproject.toml or requirements.txt.
Related
- github-actions actions/setup-python caching for setup.py projects - 2022-11-28
- readthedocs Running pip install '.[docs]' on ReadTheDocs - 2023-11-24
- github-actions Testing against Python 3.11 preview using GitHub Actions - 2022-02-02
- github-actions Running tests against multiple versions of a Python dependency in GitHub Actions - 2023-09-15
- python Defining setup.py dependencies using a URL - 2022-08-13
- python Python packages with pyproject.toml and nothing else - 2023-07-07
- homebrew Automatically maintaining Homebrew formulas using GitHub Actions - 2023-06-21
- googlecloud Workaround for google-github-actions/setup-gcloud errors - 2022-12-01
- electron Configuring auto-update for an Electron app - 2021-09-13
- readthedocs Updating stable docs in ReadTheDocs without pushing a release - 2023-08-20
Created 2022-01-14T16:33:03-08:00, updated 2023-08-03T17:41:54-07:00 · History · Edit