Dependabot fail to ignore private repository checks - Githubissues

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.

https://docs.github.com/en/code-security/dependabot

MIT License

4.63k stars 990 forks source link

Dependabot fail to ignore private repository checks #10574

Open draghu-incontact opened 1 week ago

draghu-incontact commented 1 week ago

Is there an existing issue for this?

[X] I have searched the existing issues

Package ecosystem

gomod

Package manager version

No response

Language version

go 1.20

Manifest location and content before the Dependabot update

/go.sum

dependabot.yml content

version: 2 updates:

package-ecosystem: "gomod" directory: "/" # Location of package manifests schedule: interval: "daily" open-pull-requests-limit: 3 target-branch: master ignore:
- dependency-name: "github.com/private/private-repo"
  
  https://github.com/inContact/orch-entity-common/blob/master/.github/dependabot.yml

Updated dependency

"dependency-urls"=>["github.com/private/*-***-"

What you expected to see, versus what you actually saw

I expected to see dependabot ignores the version check of private repository, but it is trying to get the latest version of private repository.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://[productionresultssa5.blob.core.windows.net/actions-results/3b201eb9-30ee-4be8-a308-96db4d31adcc/workflow-job-run-be2c39d2-39df-5cd1-ffd9-71ea239221a0/logs/job/job-logs.txt?rsct=text%2Fplain&se=2024-09-10T07%3A06%3A09Z&sig=HfM%2BsN6IMSabcfQ6KhKUbl5ldnsLemUpfsQVuCmQUas%3D&ske=2024-09-10T18%3A21%3A12Z&skoid=ca7593d4-ee42-46cd-af88-8b886a2f84eb&sks=b&skt=2024-09-10T06%3A21%3A12Z&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skv=2024-05-04&sp=r&spr=https&sr=b&st=2024-09-10T06%3A56%3A04Z&sv=2024-05-04](https://productionresultssa5.blob.core.windows.net/actions-results/3b201eb9-30ee-4be8-a308-96db4d31adcc/workflow-job-run-be2c39d2-39df-5cd1-ffd9-71ea239221a0/logs/job/job-logs.txt?rsct=text%2Fplain&se=2024-09-10T07%3A06%3A09Z&sig=HfM%2BsN6IMSabcfQ6KhKUbl5ldnsLemUpfsQVuCmQUas%3D&ske=2024-09-10T18%3A21%3A12Z&skoid=ca7593d4-ee42-46cd-af88-8b886a2f84eb&sks=b&skt=2024-09-10T06%3A21%3A12Z&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skv=2024-05-04&sp=r&spr=https&sr=b&st=2024-09-10T06%3A56%3A04Z&sv=2024-05-04)

Smallest manifest that reproduces the issue

No response

draghu-incontact commented 2 days ago

Can someone help me here.