Add Dependabot Config

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rolemodel_rails (0.26.0)
+    rolemodel_rails (0.27.0)
       rails (> 7.1)
 
 GEM

example_rails7/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    rolemodel_rails (0.26.0)
+    rolemodel_rails (0.27.0)
       rails (> 7.1)
 
 GEM

example_rails8/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    rolemodel_rails (0.26.0)
+    rolemodel_rails (0.27.0)
       rails (> 7.1)
 
 GEM
@@ -522,7 +522,7 @@ CHECKSUMS
   regexp_parser (2.11.3) sha256=ca13f381a173b7a93450e53459075c9b76a10433caadcb2f1180f2c741fc55a4
   reline (0.6.3) sha256=1198b04973565b36ec0f11542ab3f5cfeeec34823f4e54cebde90968092b1835
   rexml (3.4.4) sha256=19e0a2c3425dfbf2d4fc1189747bdb2f849b6c5e74180401b15734bc97b5d142
-  rolemodel_rails (0.26.0)
+  rolemodel_rails (0.27.0)
   rubocop (1.84.1) sha256=14cc626f355141f5a2ef53c10a68d66b13bb30639b26370a76559096cc6bcc1a
   rubocop-ast (1.49.0) sha256=49c3676d3123a0923d333e20c6c2dbaaae2d2287b475273fddee0c61da9f71fd
   rubocop-performance (1.26.1) sha256=cd19b936ff196df85829d264b522fd4f98b6c89ad271fa52744a8c11b8f71834

lib/generators/rolemodel/github/github_generator.rb

@@ -2,30 +2,23 @@
 
 module Rolemodel
   class GithubGenerator < BaseGenerator
-    # Source root is the project-level .github directory
-    # This allows us to use the same templates for both the generated app and this gem
-    source_root File.expand_path('.github')
+    # Files which are both used by the gem source and copied to the target app without modification
+    # are placed in the `.github` folder at the top level of this repository. This folder is then
+    # symlinked to the `templates` folder relative to this generator so they can still be copied over.
+    # Any files which are significantly different or not used by the gem source are just in `templates`.
+    source_root File.expand_path('templates', __dir__)
 
-    def install_pull_request_template
+    def install_github_config
+      directory 'instructions', '.github/instructions'
+      directory 'workflows', '.github/workflows'
       template 'pull_request_template.md', '.github/pull_request_template.md'
     end
 
-    def remove_rolemodel_rails_version_check
-      gsub_file '.github/pull_request_template.md',
-                "* [ ] Run `bin/bump_version` or `bin/bump_version --patch`\n",
-                ''
-    end
-
-    def install_copilot_instructions
-      copy_file 'instructions/css.instructions.md', '.github/instructions/css.instructions.md'
-      copy_file 'instructions/js.instructions.md', '.github/instructions/js.instructions.md'
-      copy_file 'instructions/project.instructions.md', '.github/instructions/project.instructions.md'
-      copy_file 'instructions/ruby.instructions.md', '.github/instructions/ruby.instructions.md'
-      copy_file 'instructions/slim.instructions.md', '.github/instructions/slim.instructions.md'
-    end
+    def install_dependabot_and_codeowners
+      copy_file 'dependabot.yml', '.github/dependabot.yml'
+      copy_file 'CODEOWNERS', '.github/CODEOWNERS'
 
-    def install_ci_yml
-      copy_file 'templates/ci.yml', '.github/workflows/ci.yml'
+      say '👉 See CODEOWNERS file for important instructions.', %i[bold red on_blue]
     end
 
     def update_database_yml_for_ci

lib/generators/rolemodel/github/templates/CODEOWNERS

@@ -0,0 +1,8 @@
+# This file is used by Dependabot (and more broadly GitHub) to determine who needs to review
+# pull requests which contain changes to specific files. Specifically, the setup below allows
+# for the dependabot PRs to automatically assign (and notify) the Craftsman and Support Dev.
+
+# Dependabot / Dependency reviewers:
+# TODO: Update and uncomment the following lines.
+# yarn.lock @craftsman @supportdev
+# Gemfile.lock @craftsman @supportdev

lib/generators/rolemodel/github/templates/dependabot.yml

@@ -0,0 +1,87 @@
+version: 2
+registries:
+  ruby-github:
+    type: rubygems-server
+    url: https://rubygems.pkg.github.com/RoleModel
+    token: ${{ secrets.ROLEMODEL_PACKAGE_REPO_READ_TOKEN }}
+
+updates:
+  - package-ecosystem: bundler
+    insecure-external-code-execution: allow
+    registries:
+      - ruby-github
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+    # Ignore specific dependencies or update types which may cause issues. For example:
+    # ignore:
+    #   - dependency-name: 'some-gem'
+    #   - update-types: ['version-update:semver-major']
+    groups:
+      production-security:
+        dependency-type: production
+        applies-to: security-updates
+      production-major-updates:
+        dependency-type: production
+        applies-to: version-updates
+        update-types:
+          - major
+      production-minor-updates:
+        dependency-type: production
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch
+      development-security:
+        dependency-type: development
+        applies-to: security-updates
+      development-major-updates:
+        dependency-type: development
+        applies-to: version-updates
+        update-types:
+          - major
+      development-minor-updates:
+        dependency-type: development
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+    # Ignore specific dependencies or update types which may cause issues. For example:
+    # ignore:
+    #   - dependency-name: 'some-package'
+    #   - update-types: ['version-update:semver-major']
+    groups:
+      production-security:
+        dependency-type: production
+        applies-to: security-updates
+      production-major-updates:
+        dependency-type: production
+        applies-to: version-updates
+        update-types:
+          - major
+      production-minor-updates:
+        dependency-type: production
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch
+      development-security:
+        dependency-type: development
+        applies-to: security-updates
+      development-major-updates:
+        dependency-type: development
+        applies-to: version-updates
+        update-types:
+          - major
+      development-minor-updates:
+        dependency-type: development
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch

lib/generators/rolemodel/github/templates/instructions

@@ -0,0 +1 @@
+../../../../../.github/instructions

lib/generators/rolemodel/github/templates/pull_request_template.md

@@ -0,0 +1,18 @@
+## Why?
+
+Why were the changes needed? What issues were the changes addressing?
+(Note: some changes may seem unrelated to the ticket, this is a great place to explain further.)
+
+## What Changed
+
+What changed in this PR?
+
+* [ ] Change 1
+
+## Pre-merge checklist
+
+* [ ] Update relevant READMEs
+
+## Screenshots
+
+If any UI changes need to be shown off, please add screenshots here.

lib/rolemodel_rails/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RolemodelRails
-  VERSION = '0.26.0'
+  VERSION = '0.27.0'
 end

spec/generators/rolemodel/github_generator_spec.rb

@@ -27,4 +27,23 @@
       expect(content).to include('  host: localhost')
     end
   end
+
+  it 'creates dependabot.yml' do
+    assert_file '.github/dependabot.yml' do |content|
+      expect(content).to include('version: 2')
+      expect(content).to include('package-ecosystem: bundler')
+      expect(content).to include('directory: /')
+      expect(content).to include('schedule:')
+      expect(content).to include('interval: weekly')
+      expect(content).to include('day: monday')
+    end
+  end
+
+  it 'creates CODEOWNERS' do
+    assert_file '.github/CODEOWNERS' do |content|
+      expect(content).to include('# Dependabot / Dependency reviewers:')
+      expect(content).to include('# yarn.lock')
+      expect(content).to include('# Gemfile.lock')
+    end
+  end
 end