From 3c0bad9ea2c5d00e7cef1b90baff46b1dabcad62 Mon Sep 17 00:00:00 2001
From: Joshua Casey
Date: Wed, 29 May 2024 17:37:25 -0500
Subject: [PATCH] Use dependabot to automate major-only dependency bumps
---
 .github/dependabot.yml | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a5bf10208..9af0d2353 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,12 +9,25 @@ updates:
 schedule:
 interval: "daily"
-# Our own CI job is responsible for updating this go.mod file now.
-# - package-ecosystem: "gomod"
-# open-pull-requests-limit: 100
-# directory: "/"
-# schedule:
-# interval: "daily"
+ # Use dependabot to automate major-only dependency bumps
+ - package-ecosystem: "gomod"
+ open-pull-requests-limit: 2 # Not sure why there would ever be more than 1, just would not want to hide anything
+ directory: "/"
+ schedule:
+ interval: "daily"
+ # group all major dependency bumps together so there's only one pull request
+ groups:
+ go-modules:
+ patterns:
+ - "*"
+ update-types:
+ - "major"
+ ignore:
+ # For all packages, ignore all minor and patch updates
+ - dependency-name: "*"
+ update-types:
+ - "version-update:semver-minor"
+ - "version-update:semver-patch"
 # Our own CI job is responsible for updating this Docker file now.
 # - package-ecosystem: "docker"
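Review bot: The `ignore` list at the end of the new `gomod` entry suppresses every minor and patch version update, but the comment it replaces ("Our own CI job is responsible for updating this go.mod file now.") is removed, so the file no longer says what picks those updates up, and most security fixes ship as minor or patch releases. I would state that above the `ignore` key, for example `# Minor and patch bumps (where most security fixes land) stay with our own CI job; Dependabot only proposes majors here`, assuming that job is still in place. As far as I know an `update-types` ignore applies to version updates only and does not block Dependabot security updates, but that relies on security updates being enabled in the repository settings, which this file cannot show, so it is worth confirming before relying on it.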