Commit Graph

9 Commits

Author SHA1 Message Date
hagen1778
46a80a2781
dependabot: return schedule field as it breaks validation on github side
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-07-27 12:59:28 -07:00
Roman Khavronenko
af56dff7ce
dependabot: disable version update for packages ()
The change disables version updates for repo packages.
Please note, security updates should not be affected by the change
according to https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit:

```
open-pull-requests-limit
By default, Dependabot opens a maximum of five pull requests for version updates. Once there are five open pull requests from Dependabot, Dependabot will not open any new requests until some of those open requests are merged or closed.

This option has no impact on security updates, which have a separate, internal limit of ten open pull requests.
```

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-07-22 14:17:50 -07:00
Roman Khavronenko
1e9ba4d133
github/dependabot.yml: disable versions update for vmui ()
The change disables versions autopupdate for vmui package.
The change has no impact on security updates, which have a separate,
internal limit of ten open pull requests.

See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-04-12 14:27:38 +03:00
Denys Holius
56970caded
fixed wrong path for npm dependabot checks () 2021-10-26 19:16:35 +03:00
Aliaksandr Valialkin
30d2876c6e .github/dependabot.yml: increase check intervals for gomod and docker ecosystems from daily to weekly
Daily checks are too verbose and result into too many automatic pull requests and commits
2021-09-01 16:08:31 +03:00
Artem Navoiev
c0420634ff add dependency chekcs for ()
- ruby (for docs)
- gomod for monorepo
- npm for vmui
- gomod go small webserver in  vmui
2021-08-15 14:45:53 +03:00
Aliaksandr Valialkin
dea1cdd817 Revert ".github/dependabot.yml: remove automated dependency version checks"
This reverts commit 5b986c95dd.

This check verifies only dependencies needed for github-actions. This is OK.
2021-05-10 12:06:19 +03:00
Aliaksandr Valialkin
15ad9deccf .github/dependabot.yml: remove automated dependency version checks
Dependency updates must be under manual control, since the resulting code diffs must be reviewed manually for the sake of security.
It is done with `make vendor-update` now.
2021-05-10 12:01:29 +03:00
Artem Navoiev
632eb82dbd Add vendor license checker, update codecov action, add dependbot for … ()
* Add vendor license checker, update codecov action, add dependbot for github actions

* update gitingore, temprorary turn on check

* fix action name

* change action rules to trigger only when vendor changes

* remove obsolete line from main action
2021-05-10 12:01:20 +03:00