From 6a2b28e24e5bdcb0d364f1af0aa93b696db00e6c Mon Sep 17 00:00:00 2001
From: Radoslav Dimitrov <radoslav@stacklok.com>
Date: Wed, 8 Jan 2025 15:49:19 +0200
Subject: [PATCH] Add a profile for enforcing lightweight dependabot
 configuration

Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
---
 .../stacklok-lightweight-dependabot.yaml      | 65 +++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 profiles/github/stacklok-lightweight-dependabot.yaml

diff --git a/profiles/github/stacklok-lightweight-dependabot.yaml b/profiles/github/stacklok-lightweight-dependabot.yaml
new file mode 100644
index 0000000..28a08fa
--- /dev/null
+++ b/profiles/github/stacklok-lightweight-dependabot.yaml
@@ -0,0 +1,65 @@
+---
+# Stacklok profile
+version: v1
+type: profile
+name: stacklok-lightweight-dependabot
+display_name: Stacklok Lightweight Dependabot Profile
+context:
+  provider: github
+alert: "off"
+remediate: "on"
+repository:
+  - type: enforce_file
+    name: "Enforce lightweight Dependabot config for Go projects"
+    def:
+      apply_if_file: go.mod
+      file: ".github/dependabot.yml"
+      content: |
+        version: 2
+        updates:
+          - package-ecosystem: "github-actions"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+          - package-ecosystem: "gomod"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+  - type: enforce_file
+    name: "Enforce lightweight Dependabot config for JavaScript projects"
+    def:
+      apply_if_file: package.json
+      file: ".github/dependabot.yml"
+      content: |
+        version: 2
+        updates:
+          - package-ecosystem: "github-actions"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+          - package-ecosystem: "npm"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+  - type: enforce_file
+    name: "Enforce lightweight Dependabot config for Python projects"
+    def:
+      apply_if_file: requirements.txt
+      file: ".github/dependabot.yml"
+      content: |
+        version: 2
+        updates:
+          - package-ecosystem: "github-actions"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10
+          - package-ecosystem: "pip"
+            directory: "/"
+            schedule:
+              interval: "weekly"
+            open-pull-requests-limit: 10