ccoVeille
commented
5 months ago I'm curious, because I don't know these settings. What are they used for?
Closed k-capehart closed 5 months ago
ccoVeille
commented
5 months ago I'm curious, because I don't know these settings. What are they used for?
k-capehart
commented
5 months ago I'm curious, because I don't know these settings. What are they used for?
@ccoVeille
Basically dependabot should automatically check for updates to my dependencies in my go.mod file. If there are any updates, then it automatically opens a PR. I've used it in the past for node and python projects, and it works great.
Right now, I'm trying to add some settings so that Dependabot groups the PRs into a single PR, just to make it easier to merge them all at once.
Here's some documentation that I've been following. https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
codecov-commenter
commented
5 months ago :warning: Please install the to ensure uploads and comments are reliably processed by Codecov.
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 87.13%. Comparing base (
cf72df3) to head (2d61cb2).
:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
ccoVeille
commented
5 months ago Basically dependabot should automatically check for updates to my dependencies in my go.mod file. If there are any updates, then it automatically opens a PR. I've used it in the past for node and python projects, and it works great.
I knew, but thanks for the context. Someone else might be curious about these.
Right now, I'm trying to add some settings so that Dependabot groups the PRs into a single PR, just to make it easier to merge them all at once.
I thought only renovate not could, it's great if dependabot can too
Here's some documentation that I've been following.
Thanks
ccoVeille
commented
5 months ago Let me know if it works.
The settings you used let me think it would not try to update when there is a major, because you only allowed patch and minor
ccoVeille
commented
5 months ago Please have a look at:
https://github.com/gofrs/flock/pull/72
I think it's the way to do
k-capehart
commented
5 months ago Please have a look at:
I think it's the way to do
Thanks, I'll keep that as reference. The way I implemented it seems to be working, and I was limiting to version updates so that security updates can be separated. But if I decide to combine them then I'll probably do it like this.
k-capehart
commented
5 months ago Let me know if it works.
The settings you used let me think it would not try to update when there is a major, because you only allowed patch and minor
And yes, I also wanted to exclude major updates, since that might require some extra effort to rework things, depending on how many breaking changes there are. It should still open a PR for major updates, it just won't include it in the group.
ccoVeille
commented
5 months ago Please have a look at:
I think it's the way to do
Thanks, I'll keep that as reference. The way I implemented it seems to be working, and I was limiting to version updates so that security updates can be separated. But if I decide to combine them then I'll probably do it like this.
Thanks it's clearer.
Dependabot should automatically check for updates to my dependencies in my go.mod file. If there are any updates, then it automatically opens a PR.
Right now, I'm trying to add some settings so that Dependabot groups the PRs into a single PR, just to make it easier to merge them all at once.
Here's some documentation that I've been following. https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates