Commit Graph

9 Commits

Author SHA1 Message Date
hagen1778
7fc34aa1e6
dependabot: return schedule field as it breaks validation on github side
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-07-27 15:03:00 +02:00
Roman Khavronenko
1a864b60c2
dependabot: disable version update for packages (#4684)
The change disables version updates for repo packages.
Please note, security updates should not be affected by the change
according to https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit:

```
open-pull-requests-limit
By default, Dependabot opens a maximum of five pull requests for version updates. Once there are five open pull requests from Dependabot, Dependabot will not open any new requests until some of those open requests are merged or closed.

This option has no impact on security updates, which have a separate, internal limit of ten open pull requests.
```

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-07-21 11:08:06 +02:00
Roman Khavronenko
453df02e0a
github/dependabot.yml: disable versions update for vmui (#2449)
The change disables versions autopupdate for vmui package.
The change has no impact on security updates, which have a separate,
internal limit of ten open pull requests.

See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-04-12 14:26:14 +03:00
Denys Holius
d282a7593b
fixed wrong path for npm dependabot checks (#1744) 2021-10-26 11:04:32 +03:00
Aliaksandr Valialkin
ae90225b46 .github/dependabot.yml: increase check intervals for gomod and docker ecosystems from daily to weekly
Daily checks are too verbose and result into too many automatic pull requests and commits
2021-09-01 16:07:00 +03:00
Artem Navoiev
64d64976e4
add dependency chekcs for (#1535)
- ruby (for docs)
- gomod for monorepo
- npm for vmui
- gomod go small webserver in  vmui
2021-08-15 14:09:34 +03:00
Aliaksandr Valialkin
3fb3ce2a6d Revert ".github/dependabot.yml: remove automated dependency version checks"
This reverts commit 5b986c95dd.

This check verifies only dependencies needed for github-actions. This is OK.
2021-05-10 12:05:09 +03:00
Aliaksandr Valialkin
5b986c95dd .github/dependabot.yml: remove automated dependency version checks
Dependency updates must be under manual control, since the resulting code diffs must be reviewed manually for the sake of security.
It is done with `make vendor-update` now.
2021-05-10 11:41:23 +03:00
Artem Navoiev
c687536956
Add vendor license checker, update codecov action, add dependbot for … (#1280)
* Add vendor license checker, update codecov action, add dependbot for github actions

* update gitingore, temprorary turn on check

* fix action name

* change action rules to trigger only when vendor changes

* remove obsolete line from main action
2021-05-10 11:38:56 +03:00