Merge pull request #87 from foretagsplatsen/25684433/Make_dependabot_…

…update_private_dependencies_in_yaem
foretagsplatsen · Aug 7, 2023 · f1abf9e · f1abf9e
2 parents 3858d80 + 32904e7
commit f1abf9e
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,8 +1,16 @@
 # https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit
 version: 2
+registries:
+  # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry
+  npm-github: # Define access for our private NPM registry
+    type: npm-registry
+    url: https://npm.pkg.github.com
+    token: ${{secrets.FINSIT_GITHUB}}
+    replaces-base: true
 updates:
   - package-ecosystem: "npm"
     directory: "/"
+    registries: "*"
     open-pull-requests-limit: 1000 # we don't want to limit PRs
     schedule:
       interval: "daily" # runs on every weekday, Monday to Friday