Open draghu-incontact opened 1 week ago
gomod
No response
go 1.20
/go.sum
version: 2 updates:
package-ecosystem: "gomod" directory: "/" # Location of package manifests schedule: interval: "daily" open-pull-requests-limit: 3 target-branch: master ignore:
dependency-name: "github.com/private/private-repo"
https://github.com/inContact/orch-entity-common/blob/master/.github/dependabot.yml
"dependency-urls"=>["github.com/private/*-***-"
I expected to see dependabot ignores the version check of private repository, but it is trying to get the latest version of private repository.
https://[productionresultssa5.blob.core.windows.net/actions-results/3b201eb9-30ee-4be8-a308-96db4d31adcc/workflow-job-run-be2c39d2-39df-5cd1-ffd9-71ea239221a0/logs/job/job-logs.txt?rsct=text%2Fplain&se=2024-09-10T07%3A06%3A09Z&sig=HfM%2BsN6IMSabcfQ6KhKUbl5ldnsLemUpfsQVuCmQUas%3D&ske=2024-09-10T18%3A21%3A12Z&skoid=ca7593d4-ee42-46cd-af88-8b886a2f84eb&sks=b&skt=2024-09-10T06%3A21%3A12Z&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skv=2024-05-04&sp=r&spr=https&sr=b&st=2024-09-10T06%3A56%3A04Z&sv=2024-05-04](https://productionresultssa5.blob.core.windows.net/actions-results/3b201eb9-30ee-4be8-a308-96db4d31adcc/workflow-job-run-be2c39d2-39df-5cd1-ffd9-71ea239221a0/logs/job/job-logs.txt?rsct=text%2Fplain&se=2024-09-10T07%3A06%3A09Z&sig=HfM%2BsN6IMSabcfQ6KhKUbl5ldnsLemUpfsQVuCmQUas%3D&ske=2024-09-10T18%3A21%3A12Z&skoid=ca7593d4-ee42-46cd-af88-8b886a2f84eb&sks=b&skt=2024-09-10T06%3A21%3A12Z&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skv=2024-05-04&sp=r&spr=https&sr=b&st=2024-09-10T06%3A56%3A04Z&sv=2024-05-04)
Can someone help me here.
Is there an existing issue for this?
Package ecosystem
gomod
Package manager version
No response
Language version
go 1.20
Manifest location and content before the Dependabot update
/go.sum
dependabot.yml content
version: 2 updates:
package-ecosystem: "gomod" directory: "/" # Location of package manifests schedule: interval: "daily" open-pull-requests-limit: 3 target-branch: master ignore:
dependency-name: "github.com/private/private-repo"
https://github.com/inContact/orch-entity-common/blob/master/.github/dependabot.yml
Updated dependency
"dependency-urls"=>["github.com/private/*-***-"
What you expected to see, versus what you actually saw
I expected to see dependabot ignores the version check of private repository, but it is trying to get the latest version of private repository.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
https://[productionresultssa5.blob.core.windows.net/actions-results/3b201eb9-30ee-4be8-a308-96db4d31adcc/workflow-job-run-be2c39d2-39df-5cd1-ffd9-71ea239221a0/logs/job/job-logs.txt?rsct=text%2Fplain&se=2024-09-10T07%3A06%3A09Z&sig=HfM%2BsN6IMSabcfQ6KhKUbl5ldnsLemUpfsQVuCmQUas%3D&ske=2024-09-10T18%3A21%3A12Z&skoid=ca7593d4-ee42-46cd-af88-8b886a2f84eb&sks=b&skt=2024-09-10T06%3A21%3A12Z&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skv=2024-05-04&sp=r&spr=https&sr=b&st=2024-09-10T06%3A56%3A04Z&sv=2024-05-04](https://productionresultssa5.blob.core.windows.net/actions-results/3b201eb9-30ee-4be8-a308-96db4d31adcc/workflow-job-run-be2c39d2-39df-5cd1-ffd9-71ea239221a0/logs/job/job-logs.txt?rsct=text%2Fplain&se=2024-09-10T07%3A06%3A09Z&sig=HfM%2BsN6IMSabcfQ6KhKUbl5ldnsLemUpfsQVuCmQUas%3D&ske=2024-09-10T18%3A21%3A12Z&skoid=ca7593d4-ee42-46cd-af88-8b886a2f84eb&sks=b&skt=2024-09-10T06%3A21%3A12Z&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skv=2024-05-04&sp=r&spr=https&sr=b&st=2024-09-10T06%3A56%3A04Z&sv=2024-05-04)
Smallest manifest that reproduces the issue
No response