From c2202da337488315ee80840bf2a0ed8ca3b4b5e4 Mon Sep 17 00:00:00 2001
From: Sandy <156678658+sb21460@users.noreply.github.com>
Date: Thu, 5 Dec 2024 11:38:56 +0000
Subject: [PATCH] Documenting ND-568 outcome (#832)

* Documenting ND-568 outcome

Further to the implementation of ND-568, documented the current configurations
of dependabot and the earlier renovate bot configuration whjich has been
disabled temporarily to avoid conflicts between both.

* Revert "Documenting ND-568 outcome"

This reverts commit e7be26320a797642557cac03e48b899129f05ba6.

* Documenting ND-568 outcome

Further to the implementation of ND-568, documented the current configurations
of dependabot and the earlier renovate bot configuration which has been
disabled temporarily to avoid conflicts between both.
---
 ...ws-secrets-manager-for-secrets.html.md.erb |  4 +-
 ...pendabot-to-manage-dependency-updates.html | 41 +++++++++++++++++++
 .../documentation/adrs/adr-index.html.md.erb  |  4 +-
 3 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html

diff --git a/source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb b/source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb
index 80f5ca4..272334a 100644
--- a/source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb
+++ b/source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb
@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
-title: 006 - Use AWS Secrets Manager for Secrets
-last_reviewed_on: 2024-11-07
+title: 013 - Use AWS Secrets Manager for Secrets
+last_reviewed_on: 2024-12-05
 review_in: 6 months
 ---
 
diff --git a/source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html b/source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html
new file mode 100644
index 0000000..90f9131
--- /dev/null
+++ b/source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html
@@ -0,0 +1,41 @@
+---
+owner_slack: "#nvvs-devops"
+title: 014 - Use Dependabot to manage dependency updates
+last_reviewed_on: 2024-12-05
+review_in: 6 months
+---
+
+# 014 - Use Dependabot to manage dependency updates
+Date: 2020-12-05
+
+## Status
+✅ Accepted
+
+## Context
+Both Renovate Bot and Dependabot are being used in our repository to manage dependency updates.
+This is leading to conflicts where both tools create separate pull requests (PRs) for the same dependencies, resulting in unnecessary duplication and management overhead.
+
+## Decision
+
+To use Dependabot, as its better suited for GitHub-based projects due to its simplicity, native integration, and focus on security, and temporarily disable renovate bot.
+
+Currently, Dependabot targets:
+
+- "bundler", which is used for managing Ruby dependencies. Dependabot will check for updates in the root directory ("/") on a daily basis.
+- "terraform", with updates being checked in the "/terraform" directory daily.
+- "github-actions", which manages GitHub Actions workflows. Updates will be checked in the root directory ("/") daily.
+- "pip", used for Python dependencies. Dependabot will check for updates in the root directory ("/") daily.
+- "npm", which manages JavaScript dependencies. Updates will be checked in the root directory ("/") daily.
+
+### Alternative Considerations:
+
+#### Renovate Bot
+
+Renovate bot targeting dependencies from the “terraform-module” and “terraform-provider” in the repositories have been temporarily disabled
+
+- 'ministryofjustice/network-access-control-infrastructure',
+- 'ministryofjustice/nvvs-devops-github-actions',
+- 'ministryofjustice/staff-device-dns-dhcp-infrastructure',
+- 'ministryofjustice/staff-device-shared-services-infrastructure',
+- 'ministryofjustice/staff-infrastructure-network-services',
+- 'ministryofjustice/staff-technology-services-github-teams'
\ No newline at end of file
diff --git a/source/documentation/adrs/adr-index.html.md.erb b/source/documentation/adrs/adr-index.html.md.erb
index 044316f..4ad8276 100644
--- a/source/documentation/adrs/adr-index.html.md.erb
+++ b/source/documentation/adrs/adr-index.html.md.erb
@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: Architecture Decision Records index
-last_reviewed_on: 2024-11-07
+last_reviewed_on: 2024-12-05
 review_in: 6 months
 ---
 
@@ -27,9 +27,11 @@ To understand why we are recording decisions and how we are doing it, please see
 | ADR-011 | ✅      | [Use GitHub Actions for CI/CD](011-use-github-actions-for-ci-cd.html)                                              |
 | ADR-012 | ✅      | [Use TechDocs for ADRs](012-use-techdocs-for-adrs.html)                                                            |
 | ADR-013 | ✅️      | [Use AWS Secrets Manager for secrets](013-use-aws-secrets-manager-for-secrets.html)                                |
+| ADR-014 | ✅️      | [Use Dependabot to manage dependency updates](014-use-dependabot-to-manage-dependency-updates.html)
 
 ## Statuses
 - ✅ Accepted
 - ❌ Rejected
 - 🤔 Proposed
 - ⌛️ Superseded
+