Skip to content

add 2.4.x branch to dependabot #2321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

add 2.4.x branch to dependabot #2321

wants to merge 1 commit into from

Conversation

pminz
Copy link
Collaborator

@pminz pminz commented Aug 5, 2025

No description provided.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Aug 5, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

ryanemerson
ryanemerson reviewed Aug 6, 2025
View reviewed changes
.github/dependabot.yml
interval: daily
open-pull-requests-limit: 10
target-branch: "2.4.x"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These rules will result in Dependabot PRs also being created for non-security updates on the 2.4.x branch, I think we only want security uploads for go and mvn. It probably makes sense to keep the actions upto date though, WDYT @pminz @Crumby ?

FYI to disable non-security updates, the configuration is as follows:

version: 2
updates:
  # Replace "npm" with your project's package ecosystem.
  # Common options: npm, pip, gomod, maven, gradle, nuget, bundler, cargo, etc.
  - package-ecosystem: "npm"
    directory: "/" # Location of package manifests
    schedule:
      interval: "daily"
    # This is the key setting:
    # It disables pull requests for VERSION updates.
    # It does NOT affect SECURITY updates.
    open-pull-requests-limit: 0

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that it does make sense to keep gitHub actions upto date, so I think we can keep the section in to continue receiving version bumps.

@pminz pminz marked this pull request as ready for review August 6, 2025 12:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryanemerson ryanemerson ryanemerson left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pminz @ryanemerson