Re-attempt to use lockfile-only strategy with dependabot (#854)

* Attempt to configure lockfile-only dependabot strategy * Attempt to configure lockfile-only dependabot strategy, again * Fix merge * Fix merge
datalab-org · Aug 20, 2024 · 556c3cd · 556c3cd
1 parent 20a22ab
commit 556c3cd
Showing 1 changed file with 1 addition and 24 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,38 +1,15 @@
 version: 2
 updates:
-# Update rule for lockfiles only: will bump requirements within the
-# compatible versions found in pyproject.toml
 - package-ecosystem: pip
   directory: "./pydatalab"
   schedule:
     interval: monthly
     day: monday
     time: "05:43"
-  # Needs to be larger than the number of total requirements (currently 31)
-  open-pull-requests-limit: 50
   target-branch: main
+  versioning-strategy: lockfile-only
   labels:
   - dependency_updates
-  versioning-strategy: "lockfile-only"
-  groups:
-    python-dependencies-compat:
-      applies-to: version-updates
-      dependency-type: production
-# Will make a separate PR to bump versions explicitly to the latest versions, in all cases
-# May trigger incompatibilities in many cases, in which case additional constraints may be needed here
-- package-ecosystem: pip
-  directory: "./pydatalab"
-  schedule:
-    interval: monthly
-    day: monday
-    time: "05:43"
-  # Needs to be larger than the number of total requirements (currently 31)
-  open-pull-requests-limit: 50
-  target-branch: main
-  labels:
-  - dependency_updates
-  # Turn off automatic rebases so that auto-merge can work without needed N**2 CI runs
-  rebase-strategy: "disabled"
   groups:
     python-dependencies:
       applies-to: version-updates