Open ahmetgul93 opened 1 week ago
@ahmetgul93 thanks for the report. could you please provide some more information on what you are seeing in your pull requests-- more specifically, a visualization of the branch history and commits that illustrates which commit the PR originates from and which commits you are not expecting to see in the PR?
By using target-branch: main
, Dependabot should be using the latest commit on that branch; there shouldn't be any other commits from other branches.
It is possible that maybe this has something to do with how you are have multiple "nuget" package ecyosystems configured; To rule out that, does it behave as expected if only one "nuget" update config is present?
It would also be good to clarify exactly which version of the dependabot task you are using as the pipeline you pasted above has conflicting information. If you are using dependabot@2
, you can't have useUpdateScriptvNext: true
as that would be invalid configuration. Are you using dependabot@2
or dependabot@1
?
Thanks for response!
Things in red rectangle from developers commits in another branch however dependabot added these commits to its own branch. In other words, it takes other developers commits to its own branch. I wanted it to create a new PR with its commit. However, it copies developer commits to PR as well. Dependabots PR should be independent than developer commits
I also tried your suggestions. I removed useUpdateScriptvNext from previous version 1 implementation and also filtered out second nuget updater. But result is same. And I also want to have this 2 nuget updater.
My latest config I tried.
version: 2
registries:
azure-artifacts:
type: nuget-feed
key: "aaaa"
url: "xxxxx"
token: PAT:${{ TOKEN}}
updates:
- package-ecosystem: "nuget"
directories: [ '/aa/bb/*' ]
allow:
- dependency-name: "AA.BB"
- dependency-name: "XX.ZZ"
target-branch: main
registries:
- azure-artifacts
schedule:
interval: "daily"
commit-message:
prefix: "test"
open-pull-requests-limit: 3
Azure Devops pipeline; (I use version 2)
stages:
- stage: DependencyChecking
jobs:
- job: Dependabot
displayName: 'Dependabot'
steps:
- task: dependabot@2
displayName: 'Dependabot'
env:
TOKEN: $(System.AccessToken)
I have also tried with this rebase-strategy: "disabled"
. It didnt work as I expected.
Describe the bug
I would like Dependabot to only base its pull requests on the changes in the main branch and not include any changes from other open PRs or branches. This behavior is causing conflicts and making it difficult to review the dependencies independently from other feature or custom changes.
PR created by dependabot takes changes from other open PRs as well. I want dependabot to create PRs only based on MAIN. I have found rebase-strategy and set it disabled but it didn't work as well
Could you please help me how can I do this?
dependabot.yml;
azure devops pipeline;