Add Dependabot to Ruby projects on GitHub


Dependabot automates dependency updates for projects on GitHub. We’ll go over how to automate dependency updates for Ruby projects that use Bundler.

Configuration

Create .github/dependabot.yml:

$ mkdir -p .github/
$ touch .github/dependabot.yml

Add the minimum (required) configuration:
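As an added example (not the original post's snippet), these shell functions write a version 2 configuration containing only the required keys, matching the description below, and check that each key is present before you commit. The function names `write_dependabot_config` and `check_dependabot_config` are hypothetical.

```shell
#!/bin/sh
# Added example: write the minimum Dependabot config for a Bundler project
# and confirm every required key is present. Function names are hypothetical.

# write_dependabot_config REPO_ROOT
# Creates REPO_ROOT/.github/dependabot.yml with the required settings only.
write_dependabot_config() {
    repo_root=${1:-.}
    mkdir -p "$repo_root/.github"
    cat > "$repo_root/.github/dependabot.yml" <<'EOF'
version: 2
updates:
  - package-ecosystem: "bundler"   # update gems listed in the Gemfile
    directory: "/"                 # manifest lives at the repository root
    schedule:
      interval: "daily"            # check for updates once a day
EOF
}

# check_dependabot_config REPO_ROOT
# Returns 0 when the file exists and contains each required key; otherwise
# names the missing item on stderr and returns 1.
check_dependabot_config() {
    file="${1:-.}/.github/dependabot.yml"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    for key in 'version: 2' 'updates:' 'package-ecosystem:' 'directory:' 'interval:'; do
        grep -q -- "$key" "$file" || { echo "missing key: $key" >&2; return 1; }
    done
}
```

From the repository root, run `write_dependabot_config . && check_dependabot_config .`, then commit `.github/dependabot.yml`.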

Given the configuration, Dependabot will check on a daily interval for bundler updates using the package manifest (Gemfile) located at the repository root (/).

For more options, check out “Configuration options for dependency updates”.

Example

Let’s say rubyzip recently published version 2.0.0 and you’re on 1.2.3.

At 5am UTC, Dependabot will scan your Gemfile and open a pull request (PR) to merge branch dependabot/bundler/rubyzip-2.0.0 to master.

The commit message will look like:

build(deps): bump rubyzip from 1.2.3 to 2.0.0

The PR description will contain rubyzip’s release notes and commits.

See example PR.
