Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: add Dependabot configuration file #316

Merged
merged 1 commit into from
Apr 17, 2024
Merged

chore: add Dependabot configuration file #316

merged 1 commit into from
Apr 17, 2024

Conversation

jiridanek
Copy link
Member

@jiridanek jiridanek commented Apr 12, 2024
edited
Loading

https://issues.redhat.com/browse/RHOAIENG-5326

Description

A new dependabot.yml file has been added to the .github directory. This configuration file enables Dependabot to check for updates in our package ecosystems (i.e., github-actions and gomod) on a weekly schedule, focusing on security updates for the gomod ecosystem specifically.

Enabling this in repo settings

image

Then, in the rules, create rules for the manifests we want to keep up-to-date regarding security updates. Here are the two rules I created,

image

They are set-up like this

image

How Has This Been Tested?

https://github.com/jiridanek/kubeflow/pulls shows only two protobuf updates, which is a security update for notebook-controller

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

@jiridanek
chore: add Dependabot configuration file
ada83b1 
A new `dependabot.yml` file has been added to the `.github` directory. This configuration file enables Dependabot to check for updates in our package ecosystems (i.e., `github-actions` and `gomod`) on a weekly schedule, focusing on security updates for the `gomod` ecosystem specifically.
@openshift-ci openshift-ci bot requested review from harshad16 and LaVLaS April 12, 2024 05:56
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Apr 12, 2024

Hi @jiridanek. Thanks for your PR.

I'm waiting for a opendatahub-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the lgtm label Apr 12, 2024
@atheo89
Copy link
Member

atheo89 commented Apr 17, 2024

Thank you, Jiri, for this PR! I've just updated the repository settings to be aligned.

image

image

image

/LGTM

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Apr 17, 2024

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: jstourac

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 4bc5b76 into opendatahub-io:v1.7-branch Apr 17, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jstourac jstourac jstourac approved these changes

@harshad16 harshad16 Awaiting requested review from harshad16

@LaVLaS LaVLaS Awaiting requested review from LaVLaS

Assignees

@jstourac jstourac

@atheo89 atheo89

Labels
approved lgtm needs-ok-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jiridanek @atheo89 @jstourac