Creates and updates your Dependabot configuration file, `dependabot.yml`.
Hinge automatically creates and updates a repository's `dependabot.yml` file by recursively walking through the repository, identifying all supported Dependabot platform ecosystems, noting their paths relative to the repository root, and finally producing a YAML-compliant configuration in `/.github/dependabot.yml`.
Dependabot is GitHub's flagship product for Supply Chain Security. Dependabot takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on.
You can use Homebrew to install `hinge` using the following:

``` bash
brew tap devops-kung-fu/homebrew-tap
brew install devops-kung-fu/homebrew-tap/hinge
```
To install `hinge`, download the latest release [deb or rpm](https://github.com/devops-kung-fu/hinge/releases) and install.

``` bash
# Debian Example
dpkg -i hinge_1.0.1_linux_amd64.deb
```
### With a Go Development Environment
If you have a Go development environment set up, you can also simply do this:
``` bash
go install github.com/devops-kung-fu/hinge@latest
```

```
Hinge
DKFM - DevOps Kung Fu Mafia
https://github.com/devops-kung-fu/hinge
Version: 1.0.0

Creates or updates your Dependabot config.

Usage:
  hinge [flags] path/to/repo

Examples:
  hinge path/to/repo

Flags:
  -d, --day string        Specify a day to check for updates when using a weekly interval. (default "monday")
      --debug             Displays debug level log messages.
  -h, --help              help for hinge
  -i, --interval string   How often to check for new versions. (default "daily")
  -t, --time string       Specify a time of day to check for updates using 24 hour format (format: hh:mm). (default "05:00")
  -z, --timezone string   Specify a time zone. Valid timezones are available at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. (default "US/Pacific")
  -v, --verbose           Displays command line output. (default true)
      --version           version for hinge
```
Once `hinge` is installed, you can run this command in the root of your git repository:

``` bash
hinge .
```
NOTE: The provided path must be a git repository.
Flag | Notes |
---|---|
-d, --day | Must be a valid day of the week. (monday, tuesday, wednesday, thursday, friday, saturday, sunday). Defaults to monday if using a weekly interval. |
-i, --interval | Must be one of the following: daily, weekly, monthly. Defaults to daily. |
-z, --timezone | Must be a timezone listed at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. Defaults to "US/Pacific" if not explicitly defined. |
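
The repository walk described at the top of this page, sketched in Go as an added example (this is not hinge's own source code). The manifest-to-ecosystem map, the skip list and the names `Discover` and `Render` are assumptions; the schedule values are the documented flag defaults.

```go
package main

import (
	"fmt"
	"io/fs"
	"path"
	"path/filepath"
)

// Manifest file name -> Dependabot package-ecosystem value (assumed, partial list).
var manifests = map[string]string{"go.mod": "gomod", "package.json": "npm",
	"requirements.txt": "pip", "Gemfile": "bundler", "Dockerfile": "docker"}
// Vendored and VCS directories are pruned so third-party manifests add no entries.
var skip = map[string]bool{".git": true, "node_modules": true, "vendor": true}

// Discover returns {ecosystem, directory} pairs, directories relative to root ("/").
func Discover(root string) (out [][2]string, err error) {
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() && p != root && skip[d.Name()] {
			return filepath.SkipDir
		}
		if eco, ok := manifests[d.Name()]; ok && d.Type().IsRegular() {
			rel, _ := filepath.Rel(root, filepath.Dir(p)) // p is always under root
			out = append(out, [2]string{eco, path.Join("/", filepath.ToSlash(rel))})
		}
		return nil
	})
	return out, err // WalkDir visits in lexical order, so out is deterministic
}

// Render emits a Dependabot version 2 config with one schedule for every entry.
func Render(entries [][2]string, interval, at, tz string) string {
	s := "version: 2\nupdates:\n"
	for _, e := range entries {
		s += fmt.Sprintf("  - package-ecosystem: %q\n    directory: %q\n    schedule:\n"+
			"      interval: %q\n      time: %q\n      timezone: %q\n", e[0], e[1], interval, at, tz)
	}
	return s
}

func main() {
	entries, err := Discover(".")
	if err != nil {
		panic(err)
	}
	fmt.Print(Render(entries, "daily", "05:00", "US/Pacific")) // the flag defaults listed above
}
```

Pruning `vendor` and `node_modules` keeps vendored third-party manifests from producing update entries for code the repository does not maintain. Extend both maps to match the ecosystems your repository actually uses.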
To contribute to and participate in the development of `hinge`, you'll need an up-to-date Go environment. Before you start, please view the Contributing and Code of Conduct files in this repository.
This project makes use of DKFM tools such as Hookz and other open source tooling. Install these tools with the following commands:
``` bash
go install github.com/devops-kung-fu/hookz@latest
go install github.com/kisielk/errcheck@latest
go install golang.org/x/lint/golint@latest
go install github.com/fzipp/gocyclo@latest
```
`hinge` uses CycloneDX to generate a Software Bill of Materials in CycloneDX format (v1.4) every time a developer commits code to this repository (as long as Hookz is being used and has been initialized in the working directory). More information on CycloneDX is available here.

The current SBoM for `hinge` is available here.
A big thank-you to our friends at Freepik for the `hinge` logo.