From b7955ec0eeda4e9deaeb609c4a153dd518608afe Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Tue, 28 Feb 2023 09:55:01 +0100 Subject: [PATCH] ci: disable dependabot PR creation for `/api` dependencies Dependabot does not need to report available updates for vendored dependencies in the downstream repository. Updates to dependencies are synced from the upstream repository when needed. There is also the "Upstream First" requirement, which we follow closely. See-also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit Signed-off-by: Niels de Vos
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 625d6d590..48ece239b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -53,6 +53,8 @@ updates:
 commit-message:
 prefix: "rebase"
 - package-ecosystem: "gomod"
+ # ODF only: disable PR creation, synced from upstream
+ open-pull-requests-limit: 0
 directory: "/api"
 schedule:
 interval: "weekly"
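Review bot: The comment above the added `open-pull-requests-limit: 0` overstates what the option does. According to the GitHub documentation linked in the commit message, the limit applies to version-update pull requests only; Dependabot security updates have their own limit, so if they are enabled for this repository they can still open PRs against `/api`. I would word the comment as `# ODF only: no version-update PRs (security updates are unaffected); deps are synced from upstream`. Because vulnerable `/api` modules will now be fixed only through the upstream sync, it is also worth confirming that Dependabot alerts stay enabled so the exposure between syncs remains visible. The `gomod` entry may continue past the end of this hunk.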