mirror of
https://github.com/element-hq/synapse.git
synced 2026-01-16 23:00:43 +00:00
a096fba969
Some checks are pending
Build docker images / Build and push image for linux/amd64 (push) Waiting to run
Build docker images / Build and push image for linux/arm64 (push) Waiting to run
Build docker images / Push merged images to docker.io/matrixdotorg/synapse (push) Blocked by required conditions
Build docker images / Push merged images to ghcr.io/element-hq/synapse (push) Blocked by required conditions
Deploy the documentation / Calculate variables for GitHub Pages deployment (push) Waiting to run
Deploy the documentation / GitHub Pages (push) Blocked by required conditions
Build release artifacts / Calculate list of debian distros (push) Waiting to run
Build release artifacts / Build .deb packages (push) Blocked by required conditions
Build release artifacts / Build wheels on ubuntu-24.04 (push) Waiting to run
Build release artifacts / Build wheels on ubuntu-24.04-arm (push) Waiting to run
Build release artifacts / Build sdist (push) Waiting to run
Build release artifacts / Attach assets to release (push) Blocked by required conditions
Schema / Ensure Synapse config schema is valid (push) Waiting to run
Schema / Ensure generated documentation is up-to-date (push) Waiting to run
Tests / check-schema-delta (push) Blocked by required conditions
Tests / check-lockfile (push) Waiting to run
Tests / lint (push) Blocked by required conditions
Tests / lint-readme (push) Blocked by required conditions
Tests / changes (push) Waiting to run
Tests / check-sampleconfig (push) Blocked by required conditions
Tests / linting-done (push) Blocked by required conditions
Tests / Typechecking (push) Blocked by required conditions
Tests / lint-crlf (push) Waiting to run
Tests / lint-newsfile (push) Waiting to run
Tests / lint-clippy (push) Blocked by required conditions
Tests / lint-clippy-nightly (push) Blocked by required conditions
Tests / lint-rust (push) Blocked by required conditions
Tests / lint-rustfmt (push) Blocked by required conditions
Tests / calculate-test-jobs (push) Blocked by required conditions
Tests / trial (push) Blocked by required conditions
Tests / trial-olddeps (push) Blocked by required conditions
Tests / trial-pypy (all, pypy-3.10) (push) Blocked by required conditions
Tests / sytest (push) Blocked by required conditions
Tests / export-data (push) Blocked by required conditions
Tests / portdb (14, 3.10) (push) Blocked by required conditions
Tests / portdb (17, 3.14) (push) Blocked by required conditions
Tests / complement (monolith, Postgres) (push) Blocked by required conditions
Tests / complement (monolith, SQLite) (push) Blocked by required conditions
Tests / complement (workers, Postgres) (push) Blocked by required conditions
Tests / cargo-test (push) Blocked by required conditions
Tests / cargo-bench (push) Blocked by required conditions
Tests / tests-done (push) Blocked by required conditions
92 lines
3 KiB
YAML
92 lines
3 KiB
YAML
version: 2
|
|
# As dependabot is currently only run on a weekly basis, we raise the
|
|
# open-pull-requests-limit to 10 (from the default of 5) to better ensure we
|
|
# don't continuously grow a backlog of updates.
|
|
updates:
|
|
- # "pip" is the correct setting for poetry, per https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
|
|
package-ecosystem: "pip"
|
|
directory: "/"
|
|
open-pull-requests-limit: 10
|
|
schedule:
|
|
interval: "weekly"
|
|
# Group patch updates to packages together into a single PR, as they rarely
|
|
# if ever contain breaking changes that need to be reviewed separately.
|
|
#
|
|
# Less PRs means a streamlined review process.
|
|
#
|
|
# Python packages follow semantic versioning, and tend to only introduce
|
|
# breaking changes in major version bumps. Thus, we'll group minor and patch
|
|
# versions together.
|
|
groups:
|
|
minor-and-patches:
|
|
applies-to: version-updates
|
|
patterns:
|
|
- "*"
|
|
update-types:
|
|
- "minor"
|
|
- "patch"
|
|
# Prevent pulling packages that were recently updated to help mitigate
|
|
# supply chain attacks. 14 days was taken from the recommendation at
|
|
# https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
|
|
# where the author noted that 9/10 attacks would have been mitigated by a
|
|
# two week cooldown.
|
|
#
|
|
# The cooldown only applies to general updates; security updates will still
|
|
# be pulled in as soon as possible.
|
|
cooldown:
|
|
default-days: 14
|
|
|
|
- package-ecosystem: "docker"
|
|
directory: "/docker"
|
|
open-pull-requests-limit: 10
|
|
schedule:
|
|
interval: "weekly"
|
|
# For container versions, breaking changes are also typically only introduced in major
|
|
# package bumps.
|
|
groups:
|
|
minor-and-patches:
|
|
applies-to: version-updates
|
|
patterns:
|
|
- "*"
|
|
update-types:
|
|
- "minor"
|
|
- "patch"
|
|
cooldown:
|
|
default-days: 14
|
|
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
open-pull-requests-limit: 10
|
|
schedule:
|
|
interval: "weekly"
|
|
# Similarly for GitHub Actions, breaking changes are typically only introduced in major
|
|
# package bumps.
|
|
groups:
|
|
minor-and-patches:
|
|
applies-to: version-updates
|
|
patterns:
|
|
- "*"
|
|
update-types:
|
|
- "minor"
|
|
- "patch"
|
|
cooldown:
|
|
default-days: 14
|
|
|
|
- package-ecosystem: "cargo"
|
|
directory: "/"
|
|
open-pull-requests-limit: 10
|
|
versioning-strategy: "lockfile-only"
|
|
schedule:
|
|
interval: "weekly"
|
|
# The Rust ecosystem is special in that breaking changes are often introduced
|
|
# in minor version bumps, as packages typically stay pre-1.0 for a long time.
|
|
# Thus we specifically keep minor version bumps separate in their own PRs.
|
|
groups:
|
|
patches:
|
|
applies-to: version-updates
|
|
patterns:
|
|
- "*"
|
|
update-types:
|
|
- "patch"
|
|
cooldown:
|
|
default-days: 14
|