Closed ll5zh closed 2 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 74.49%. Comparing base (
7347da6
) to head (1081bd5
).
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
What would be our "
directory-to-exclude
", in order to ignore cwltool dependencies?
We'd want to ignore https://github.com/dockstore/dockstore/tree/develop/dockstore-webservice/src/main/resources/requirements/1.13.0 and https://github.com/dockstore/dockstore/tree/develop/dockstore-webservice/src/main/resources/requirements/1.14.0
That said, after looking at that directory, interestingly I see https://github.com/dockstore/dockstore/blob/develop/dockstore-webservice/src/main/resources/requirements/swagger-ui/requirements.properties but because of the way templating is being used, I doubt dependabot will work.
So let's give this a shot
Description We want cwltool dependencies to be ignored when Dependabot makes dependency updates.
After taking a look with @denis-yuen, it appeared that
package-ecosystem: "pip"
was only opening PRs for cwltool dependencies and wasn't actually maintaining Swagger UI dependencies, contrary to what this comment suggests. If this is the case, then removing the pip package manager altogether should get rid of unwanted PRs associated with cwltool dependencies.Review Instructions Confirm (or deny) that Dependabot's pip updates are solely for cwltool dependencies (which we want to freeze), and that pip can be removed from dependabot.yml.
If we do need to keep the pip package manager: this workaround (suggested in the ticket) involves specifying a directory for Dependabot to ignore (via
directory: "/directory-to-exclude"
). What would be our "directory-to-exclude
", in order to ignore cwltool dependencies?Issue SEAB-6342
Security and Privacy
If there are any concerns that require extra attention from the security team, highlight them here and check the box when complete.
e.g. Does this change...
Please make sure that you've checked the following before submitting your pull request. Thanks!
mvn clean install
@RolesAllowed
annotation