ci: disable dependabot PR creation for /api dependencies

Dependabot does not need to report available updates for vendored dependencies in the downstream repository. Updates to dependencies are synced from the upstream repository when needed. There is also the "Upstream First" requirement, which we follow closely. See-also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit Signed-off-by: Niels de Vos <ndevos@ibm.com>
2025-01-18 10:49:30 +00:00 · 2023-02-28 09:55:01 +01:00 · 2023-02-28 09:55:01 +01:00 · 956540dd2f
commit 956540dd2f
parent 82f8658520
1 changed files with 2 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -70,6 +70,8 @@ updates:
    commit-message:
      prefix: "rebase"
  - package-ecosystem: "gomod"
+    # ODF only: disable PR creation, synced from upstream
+    open-pull-requests-limit: 0
    directory: "/api"
    schedule:
      interval: "weekly"