-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Read from dependabot.yml file #716
Comments
@craigta that documentation is for Github-native Dependabot. I don't think dependabot-native will read that file for you, just like it won't read the pre-github With However, since the Docker image simply runs dependabot-script/generic-update-script.rb Lines 173 to 177 in 4330ff7
The class itself is here and it seems to accept way more arguments than used in the generic-update-script.rb script.
|
@rimas-kudelis update checker only takes ignore_versions, not the full set of IgnoreConditions that would allow what I'm looking for. So I can pass in an array of versions like: But that doesn't give me the ability to skip major/minor versions as far as I can tell. Open to ideas, but doesn't seem to support by default. I see there is some UpdateConfig that does something with the IgnoreCondition object, but still trying trying to figure out how that works (new to Ruby at the moment, but learning!) |
hi, I'm not sure where to ask the question so I'm posing here. Happy to engage wherever necessary for help
My setup is:
I have my code in Azure Devops
I'm using the docker image provided via dependabot-script
I'm running this locally for now and will integrate the docker image run into our Azure Devops setup next
My goal:
I want to run dependabot to update our nugets at the patch level, I don't want it to make updates to major/minor. I also wanted to 'slow drip' the updates -- IE: Only send in 1 or 2 to start with and I would run the script on a schedule to do this, say weekly or so to start with, and to allow individual depot to tweak this per their liking
To do this, I wanted to run dependabot and have it ignore major and minor updates and set a pull request limit. I found the dependabot.yml configuration details, but I'm having trouble with getting the dependabot-script to read from the yaml to make use of my config, which I want to be checked in per devops endpoint
I want to run the dependabot-script against other depots, with each depot defining their own configuration of things to upgrade and check
I created a folder .github and placed a dependabot.yml with these contains there:
version: 2
updates:
schedule:
interval: "daily"
open-pull-requests-limit: 1
ignore:
update-types: ["version-update:semver-major", "version-update:semver-minor"]
Any ideas on how to get this file read, if I need to place somewhere else, or if there is another way to provide this level of config?
The text was updated successfully, but these errors were encountered: