Add Dependabot to Ruby projects on GitHub
Dependabot automates dependency updates for projects on GitHub. We’ll go over how to automate dependency updates for Ruby projects that use bundler.
Configuration
Create .github/dependabot.yml:
$ mkdir -p .github/
$ touch .github/dependabot.yml
Add the minimum (required) configuration:
Given the configuration, Dependabot will check on a daily interval for bundler updates using the package manifest (Gemfile) located at the repository root (/).
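A .github/dependabot.yml that matches this description, given as an added example rather than the original post's own file. It assumes Dependabot's version 2 configuration format, and the comments tie each key to the behaviour described above.

```yaml
# .github/dependabot.yml
version: 2                         # configuration format version (required)
updates:
  - package-ecosystem: "bundler"   # update gems declared in the Gemfile
    directory: "/"                 # the manifest is at the repository root
    schedule:
      interval: "daily"            # check for new versions every day
```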
For more options, check out “Configuration options for dependency updates”.
Example
Let’s say rubyzip recently published version 2.0.0 and you’re on 1.2.3.
At 5am UTC, Dependabot will scan your Gemfile and open a pull request (PR) to merge branch dependabot/bundler/rubyzip-2.0.0 to master.
The commit message will look like:
build(deps): bump rubyzip from 1.2.3 to 2.0.0
The PR description will contain rubyzip’s release notes and commits.
See example PR.