pulibrary / pul_library_drupal

Deprecated - Princeton University Library Core Site Drupal Codebase
https://library.princeton.edu/
GNU General Public License v2.0

Can we configure dependabot to achieve our goals? #1902

Closed sandbergja closed 2 years ago

sandbergja commented 2 years ago

The following configuration for dependabot attempted to do two things:

  1. apply the maintenance label to new PRs that it opened (which it did)
  2. exclude the omega theme directory from dependabot security issues (not sure if this was successful or not)

Unfortunately, it also tried to create PRs for non-security version upgrades as well, which was overwhelming. If we can figure out how to achieve those two goals without the side effect, it would probably be useful.

Old .github/dependabot.yml:

```yaml
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/sites/all/themes/pul_base"
    schedule:
      interval: "daily"
    labels:
      - "npm"
      - "dependencies"
      - "maintenance"
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "daily"
    labels:
      - "ruby"
      - "dependencies"
      - "maintenance"
```

sandbergja commented 2 years ago

Closing, since we got rid of the omega dependency files and are filtering our Zenhub board to both maintenance and dependencies labels.
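
One way to keep the labels while stopping the non-security version-upgrade PRs described in the issue, as an added example that is not the repository's own configuration: set `open-pull-requests-limit: 0` on each entry, which turns off version updates while Dependabot security updates still pick up the entry's labels. It assumes Dependabot security updates are enabled in the repository settings, and it does not address excluding the omega theme directory.

```yaml
# Added example, not the repository's actual .github/dependabot.yml.
# Assumption: Dependabot security updates are enabled in the repository
# settings; this file only customizes the PRs they open.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/sites/all/themes/pul_base"
    schedule:
      interval: "daily"
    # 0 disables version-update PRs for this entry. Security-update PRs
    # are not governed by this limit and are still opened.
    open-pull-requests-limit: 0
    # Labels apply to the security-update PRs for this ecosystem/directory.
    labels:
      - "npm"
      - "dependencies"
      - "maintenance"
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 0
    labels:
      - "ruby"
      - "dependencies"
      - "maintenance"
```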