chore: enable Dependabot security updates (#342)

There have been a bunch of security alerts on our prebuilt provider repos recently due to dependencies like jsii and cross-spawn. These could be easily addressed by Dependabot since all they need to update is yarn.lock so they don't interfere with Projen. Enabling this will help to get security alerts addressed faster than trying to go through Projen.
cdktf · Dec 20, 2024 · a860e4a · a860e4a
1 parent 91cacbe
commit a860e4a
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/lib/repository.ts b/lib/repository.ts
@@ -11,6 +11,7 @@ import { DataGithubRepository } from "@cdktf/provider-github/lib/data-github-rep
 import { IssueLabel } from "@cdktf/provider-github/lib/issue-label";
 import { BranchProtection } from "@cdktf/provider-github/lib/branch-protection";
 import { TeamRepository } from "@cdktf/provider-github/lib/team-repository";
+import { RepositoryDependabotSecurityUpdates } from "@cdktf/provider-github/lib/repository-dependabot-security-updates";
 import { RepositoryWebhook } from "@cdktf/provider-github/lib/repository-webhook";
 
 export interface ITeam {
@@ -165,6 +166,13 @@ export class GithubRepository extends Construct {
       ...config,
       repository: this.resource,
     });
+
+    if (!name.endsWith("-go")) {
+      new RepositoryDependabotSecurityUpdates(this, "dependabot-security", {
+        repository: this.resource.name,
+        enabled: true,
+      });
+    }
   }
 
   addSecret(name: string) {
@@ -194,5 +202,12 @@ export class GithubRepositoryFromExistingRepository extends Construct {
       ...config,
       repository: this.resource,
     });
+
+    if (!config.repositoryName.endsWith("-go")) {
+      new RepositoryDependabotSecurityUpdates(this, "dependabot-security", {
+        repository: this.resource.name,
+        enabled: true,
+      });
+    }
   }
 }