Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Group dependabot updates #1824

Merged
merged 1 commit into from
Feb 13, 2024
Merged

Group dependabot updates #1824

merged 1 commit into from
Feb 13, 2024
+12 −0

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Feb 12, 2024
edited by rocodes
Loading

Status

Ready for review

Description

To cut down on the number of PRs opened, have dependabot group all the updates for a component in a single pull request.

Refs #1823.

Test Plan

@legoktm
Group dependabot updates
2a7e162 
To cut down on the number of PRs opened, have dependabot group all
the updates for a component in a single pull request.

Refs #1823.
@legoktm legoktm requested a review from a team as a code owner February 12, 2024 22:20
@legoktm
Copy link
Member Author

legoktm commented Feb 12, 2024

Some times if you get lucky (really) there will be a "dependabot.yml validation" CI job, guess I didn't trigger it with this PR... so I think this syntax is right but not 100% sure. We can also try it on a docs repo first if people want.

@rocodes rocodes self-assigned this Feb 12, 2024
rocodes
rocodes approved these changes Feb 12, 2024
View reviewed changes
Copy link
Contributor

@rocodes rocodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at some other projects that group dependabot updates by broad matching (eg https://github.com/cert-manager/approver-policy/blob/main/.github/dependabot.yaml) and the second example in your docs link that explains the group name (for branches/PRs), I think you're right. We can inspect the first few PRs to make sure we're getting the behaviour we want.

re the pre-merge validator, here's upstream :/
dependabot/dependabot-core#4605

And here are some other folks who've also been bitten by this and have been trying to revive the dependabot validator:
https://github.com/gnolang/gno/pull/1642/files

@rocodes rocodes merged commit 3c58d48 into main Feb 13, 2024
49 checks passed
@rocodes rocodes deleted the dpb-groups branch February 13, 2024 00:00
@rocodes rocodes mentioned this pull request Feb 13, 2024
Closed
@eloquence eloquence mentioned this pull request Mar 6, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rocodes rocodes rocodes approved these changes

Assignees

@rocodes rocodes

Labels
None yet
Projects
SecureDrop dev cycle
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@legoktm @rocodes