ci: disable non-security dependabot updates #12487

Merged (3 commits) on Jan 17, 2024

Commits on Jan 9, 2024

  1. ci: disable non-security dependabot updates

    - most of the automated updates from dependabot cause a lot of noise and use up CI time, without adding much
      - most often are small patch updates that don't affect our usage of deps
      - some can also cause a lot of breakage when they pass CI but break something in a way that doesn't have an automated test
    
    - instead of unnecessary automated updates, we can just manually update deps when needed (when we need a feature or patch) and set a reminder every 6 months to check in
      - IMO, I think this would actually end up as less work than monitoring all the dependabot updates
    
    - Note that this intentionally _does not_ impact security updates. Security updates will still happen automatically
      - Per the [linked doc](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore):
        > When used alone, the `ignore.versions` key affects both Dependabot updates, but the `ignore.update-types` key affects only Dependabot version updates.
        - that is why I specifically used only `ignore.update-types`
    
    Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
    agilgur5 committed Jan 9, 2024
    b677049
  2. style: consistently have 2 space indents for lists

    - `gomod` section had 0 space while the rest had 2 space indentation
      - now all are 2 space consistently
    
    Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
    agilgur5 committed Jan 9, 2024
    acaea0d
  3. ci: switch to open-pull-requests-limit: 0

    - this also does not impact security updates and is a simpler configuration
      - per the [linked docs](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit):
        > This option has no impact on security updates, which have a separate, internal limit of ten open pull requests.
    
    Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
    agilgur5 committed Jan 9, 2024
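
The two configurations described in commits 1 and 3, side by side, as an added example that is not the project's actual `dependabot.yml`. The `directory` and `schedule` values are assumptions, and the two YAML documents are alternatives for the same file, not meant to be combined.

```yaml
# Constructed example, not the project's own configuration.
# Option A (commit 1): ignore every version-update type for all dependencies.
# `ignore.update-types` affects only version updates, so security updates
# still open pull requests. Per the docs quoted in commit 1, `ignore.versions`
# used alone affects both kinds of update, so it is not used here.
version: 2
updates:
  - package-ecosystem: "gomod"
    directory: "/"            # assumption: module at the repository root
    schedule:
      interval: "weekly"      # assumption: still required by the schema
    ignore:
      - dependency-name: "*"
        update-types:
          - "version-update:semver-major"
          - "version-update:semver-minor"
          - "version-update:semver-patch"
---
# Option B (commit 3): cap version-update pull requests at zero.
# Per the docs quoted in commit 3, this limit has no impact on security
# updates, which have a separate internal limit of ten open pull requests.
version: 2
updates:
  - package-ecosystem: "gomod"
    directory: "/"            # assumption
    schedule:
      interval: "weekly"      # assumption
    open-pull-requests-limit: 0
```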
    b82dc38