plugin-tools icon indicating copy to clipboard operation
plugin-tools copied to clipboard
verified publisher icon grafana

Feat: Add a dependabot config for plugins

Open jackw opened this issue 3 months ago • 3 comments

Which areas does this feature request relate to

  • [x] Create Plugin
  • [ ] Sign Plugin
  • [ ] Plugin E2E
  • [ ] Plugin Meta Extractor
  • [ ] Documentation

Problem

The release of create-plugin v6 stopped the update command from automatically updating all dependencies. This decision was made to try to reduce unwanted changes, noise in PRs, and breakages in tooling / scripts.

Solution

To help plugin devs keep their dependencies up to date we should supply a dependabot config out on scaffold. It should likely handle github-actions, npm and golang (if the plugin has a backend).

Alternatives

No response

Additional context

No response

Are you interested in contributing the solution?

  • [ ] Yes
  • [ ] No

jackw avatar Oct 09 '25 10:10 jackw

@jackw

I am interested in this ticket, can I take this one?

joonseolee avatar Oct 14 '25 23:10 joonseolee

@joonseolee yeah sure. I've assigned it to you now. If you've any questions feel free to ask here or in a draft PR.

jackw avatar Oct 29 '25 14:10 jackw

What's the plan along these same lines for Renovate? I saw in the original announcement about the change to create-plugin-update there was a recommendation to use something like Dependabot or Renovate. Will this standardize on Dependabot? Or would you all also welcome an equivalent Renovate config PR? I don't have a strong opinion one way or the other there, just curious to know what the team & community are thinking.

cap10morgan avatar Nov 12 '25 17:11 cap10morgan