diff --git a/source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb b/source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb index 80f5ca4..272334a 100644 --- a/source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb +++ b/source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb @@ -1,7 +1,7 @@ --- owner_slack: "#nvvs-devops" -title: 006 - Use AWS Secrets Manager for Secrets -last_reviewed_on: 2024-11-07 +title: 013 - Use AWS Secrets Manager for Secrets +last_reviewed_on: 2024-12-05 review_in: 6 months --- diff --git a/source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html b/source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html new file mode 100644 index 0000000..90f9131 --- /dev/null +++ b/source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html @@ -0,0 +1,41 @@ +--- +owner_slack: "#nvvs-devops" +title: 014 - Use Dependabot to manage dependency updates +last_reviewed_on: 2024-12-05 +review_in: 6 months +--- + +# 014 - Use Dependabot to manage dependency updates +Date: 2020-12-05 + +## Status +✅ Accepted + +## Context +Both Renovate Bot and Dependabot are being used in our repository to manage dependency updates. +This is leading to conflicts where both tools create separate pull requests (PRs) for the same dependencies, resulting in unnecessary duplication and management overhead. + +## Decision + +To use Dependabot, as its better suited for GitHub-based projects due to its simplicity, native integration, and focus on security, and temporarily disable renovate bot. + +Currently, Dependabot targets: + +- "bundler", which is used for managing Ruby dependencies. Dependabot will check for updates in the root directory ("/") on a daily basis. +- "terraform", with updates being checked in the "/terraform" directory daily. +- "github-actions", which manages GitHub Actions workflows. Updates will be checked in the root directory ("/") daily. +- "pip", used for Python dependencies. Dependabot will check for updates in the root directory ("/") daily. +- "npm", which manages JavaScript dependencies. Updates will be checked in the root directory ("/") daily. + +### Alternative Considerations: + +#### Renovate Bot + +Renovate bot targeting dependencies from the “terraform-module” and “terraform-provider” in the repositories have been temporarily disabled + +- 'ministryofjustice/network-access-control-infrastructure', +- 'ministryofjustice/nvvs-devops-github-actions', +- 'ministryofjustice/staff-device-dns-dhcp-infrastructure', +- 'ministryofjustice/staff-device-shared-services-infrastructure', +- 'ministryofjustice/staff-infrastructure-network-services', +- 'ministryofjustice/staff-technology-services-github-teams' \ No newline at end of file diff --git a/source/documentation/adrs/adr-index.html.md.erb b/source/documentation/adrs/adr-index.html.md.erb index 044316f..4ad8276 100644 --- a/source/documentation/adrs/adr-index.html.md.erb +++ b/source/documentation/adrs/adr-index.html.md.erb @@ -1,7 +1,7 @@ --- owner_slack: "#nvvs-devops" title: Architecture Decision Records index -last_reviewed_on: 2024-11-07 +last_reviewed_on: 2024-12-05 review_in: 6 months --- @@ -27,9 +27,11 @@ To understand why we are recording decisions and how we are doing it, please see | ADR-011 | ✅ | [Use GitHub Actions for CI/CD](011-use-github-actions-for-ci-cd.html) | | ADR-012 | ✅ | [Use TechDocs for ADRs](012-use-techdocs-for-adrs.html) | | ADR-013 | ✅️ | [Use AWS Secrets Manager for secrets](013-use-aws-secrets-manager-for-secrets.html) | +| ADR-014 | ✅️ | [Use Dependabot to manage dependency updates](014-use-dependabot-to-manage-dependency-updates.html) ## Statuses - ✅ Accepted - ❌ Rejected - 🤔 Proposed - ⌛️ Superseded +