ci: add Dependabot configuration for automated dependency updates

rprabhat · rprabhat · commit ec2f07df25a8 · 2026-03-31T13:58:41.000+11:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,71 +1,49 @@
-# Dependabot configuration for TypeScript/JavaScript projects
-# Template for: folio, CardScannerApp, crewcircle, rental-app
-
 version: 2
-
 updates:
-  # npm packages - Weekly check with grouping
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "monday"
-      time: "09:00"
-      timezone: "Australia/Sydney"
     open-pull-requests-limit: 10
-    versioning-strategy: increase-if-necessary
+    reviewers:
+      - "Sensible-Analytics"
     labels:
       - "dependencies"
-      - "npm"
-    reviewers:
-      - "Sensible-Analytics/engineering"
+      - "security"
     commit-message:
-      prefix: "chore(deps)"
-      include: "scope"
+      prefix: "deps"
     groups:
-      # Group production dependencies
-      production:
+      production-dependencies:
         dependency-type: "production"
         update-types:
           - "minor"
           - "patch"
-      # Group development dependencies
-      development:
+      dev-dependencies:
         dependency-type: "development"
         update-types:
           - "minor"
           - "patch"
-      # Security updates (always separate)
-      security:
-        patterns:
-          - "*"
-        update-types:
-          - "patch"
-        applies-to: security-updates
-    ignore:
-      # Ignore major updates initially (manual review required)
-      - dependency-name: "*"
-        update-types: ["version-update:semver-major"]
 
-  # GitHub Actions - Weekly check
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "monday"
-      time: "09:00"
-      timezone: "Australia/Sydney"
-    open-pull-requests-limit: 20
+    commit-message:
+      prefix: "ci"
     labels:
       - "dependencies"
-      - "github-actions"
-    reviewers:
-      - "Sensible-Analytics/engineering"
+      - "ci"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "security"
     commit-message:
-      prefix: "ci"
-      include: "scope"
-    groups:
-      actions:
-        patterns:
-          - "*"
-    rebase-strategy: auto
+      prefix: "deps"
