Production-ready Dependabot configuration for .NET repositories with support for NuGet, GitHub Actions, Docker, docker-compose, devcontainers, and multi-service src layouts. Includes dependency grouping, reviewer automation, labeling strategy, and reduced-noise container version updates using increase-if-necessary.

dependabot.yml

version: 2

updates:

  #
  # NuGet dependencies
  #
  - package-ecosystem: "nuget"
    directory: "/"

    schedule:
      interval: weekly

    open-pull-requests-limit: 10

    assignees:
      - "guibranco"

    reviewers:
      - "guibranco"

    labels:
      - "nuget"
      - "packages"
      - ".NET"
      - "dependencies"

    groups:

      microsoft:
        patterns:
          - "Microsoft.*"

      aspnetcore:
        patterns:
          - "Microsoft.AspNetCore.*"

      extensions:
        patterns:
          - "Microsoft.Extensions.*"

      testing:
        patterns:
          - "xunit*"
          - "FluentAssertions*"
          - "Moq*"
          - "coverlet*"
          - "Microsoft.NET.Test.Sdk"

      logging:
        patterns:
          - "Serilog*"
          - "NLog*"

      telemetry:
        patterns:
          - "OpenTelemetry*"

      azure:
        patterns:
          - "Azure.*"

      dependencies:
        patterns:
          - "*"


  #
  # GitHub Actions dependencies
  #
  - package-ecosystem: "github-actions"
    directory: "/"

    schedule:
      interval: weekly

    open-pull-requests-limit: 5

    assignees:
      - "guibranco"

    reviewers:
      - "guibranco"

    labels:
      - "github-actions"
      - "dependencies"

    groups:

      github-actions:
        patterns:
          - "*"


  #
  # Root Dockerfiles + docker-compose.yml
  #
  - package-ecosystem: "docker"
    directory: "/"

    schedule:
      interval: weekly

    versioning-strategy: increase-if-necessary

    open-pull-requests-limit: 10

    assignees:
      - "guibranco"

    reviewers:
      - "guibranco"

    labels:
      - "docker"
      - "containers"
      - "dependencies"

    groups:

      dotnet:
        patterns:
          - "mcr.microsoft.com/dotnet/*"

      node:
        patterns:
          - "node"

      alpine:
        patterns:
          - "alpine"

      linux-base:
        patterns:
          - "ubuntu"
          - "debian"

      docker-dependencies:
        patterns:
          - "*"


  #
  # Devcontainer support
  #
  - package-ecosystem: "docker"
    directory: "/.devcontainer"

    schedule:
      interval: weekly

    versioning-strategy: increase-if-necessary

    labels:
      - "docker"
      - "devcontainer"
      - "dependencies"

    assignees:
      - "guibranco"

    reviewers:
      - "guibranco"


  #
  # Example: src-level microservice Dockerfiles
  # (remove if not applicable)
  #
  - package-ecosystem: "docker"
    directory: "/src"

    schedule:
      interval: weekly

    versioning-strategy: increase-if-necessary

    labels:
      - "docker"
      - "containers"
      - "dependencies"

    assignees:
      - "guibranco"

    reviewers:
      - "guibranco"

This Dependabot configuration is designed for modern .NET and container-enabled repositories and supports automatic dependency updates across multiple ecosystems with a consistent review workflow.

What this configuration updates automatically:

• NuGet dependencies across the solution
• GitHub Actions workflow dependencies
• Docker base images in Dockerfiles
• docker-compose image references
• devcontainer base images
• Dockerfiles located under the /src directory for multi-service repositories

NuGet dependencies are grouped into logical stacks:

• Microsoft packages
• ASP.NET Core stack
• Extensions ecosystem
• Testing libraries
• Logging libraries
• OpenTelemetry
• Azure SDK
• Everything else

This grouping reduces pull request noise and keeps updates easier to review.

GitHub Actions dependencies are grouped into a single update pull request per cycle to simplify maintenance of CI infrastructure.

Docker dependencies use the increase-if-necessary versioning strategy to prevent unnecessary major version jumps while still allowing security and compatibility updates when required.

Container image updates are grouped by:

• .NET runtime and SDK images
• Node images
• Alpine base images
• Debian and Ubuntu base images
• All remaining container images

The configuration also includes explicit support for:

• docker-compose.yml image updates
• .devcontainer/devcontainer.json image updates
• multi-service repositories using /src

Each ecosystem automatically assigns reviewers and labels pull requests for consistent triage workflows.

This file is intended to be reusable across repositories with minimal modification. Typically only the /src block needs adjustment if a repository uses a different service directory layout such as /services or /apps.