Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable dependabot only for github-actions and reporter-web-app #4055

Merged
merged 1 commit into from
May 21, 2021

Conversation

mnonnenmacher
Copy link
Member

We do not want dependabot to update the dependencies of test projects.
As there is no option to disable dependabot for a directory, enable it
only for the projects where we want it to run.

Note that we do not enable dependabot for Gradle because it does not
support defining versios in gradle.propertes [1] and we manually check
for Gradle dependency updates using the dependencyUpdates Gradle task
on a regular basis.

[1] dependabot/dependabot-core#1618

@mnonnenmacher mnonnenmacher requested a review from a team as a code owner May 21, 2021 06:42
@sschuberth
Copy link
Member

Note that we do not enable dependabot for Gradle because it does not support defining versios in gradle.propertes

Hah, those rookies 😉

Typo: s/versios/versions/

version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't / shouldn't we limit this to /.github/workflows?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, github-actions is a special case, I have added a link to the documentation.

We do not want dependabot to update the dependencies of test projects.
As there is no option to disable dependabot for a directory, enable it
only for the projects where we want it to run.

Note that we do not enable dependabot for Gradle because it does not
support defining versions in gradle.propertes [1] and we manually check
for Gradle dependency updates using the `dependencyUpdates` Gradle task
on a regular basis.

[1] dependabot/dependabot-core#1618

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
@mnonnenmacher
Copy link
Member Author

Note that we do not enable dependabot for Gradle because it does not support defining versios in gradle.propertes

Hah, those rookies wink

😁

Typo: s/versios/versions/

Done.

@mnonnenmacher mnonnenmacher enabled auto-merge (rebase) May 21, 2021 07:28
@mnonnenmacher mnonnenmacher merged commit 413d93d into master May 21, 2021
@mnonnenmacher mnonnenmacher deleted the dependabot-config branch May 21, 2021 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants