ci: disable dependabot PR creation

Dependabot does not need to report available updates for vendored
dependencies in the downstream repository. Updates to dependencies are
synced from the upstream repository when needed. There is also the
"Upstream First" requirement, which we follow closely.

See-also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos 2021-09-01 08:46:09 +02:00 committed by DF Build Team
parent 00dcf5f325
commit db7bb2c6a0

View File

@ -3,6 +3,8 @@ version: 2
enable-beta-ecosystems: true
updates:
- package-ecosystem: "gomod"
# ODF only: disable PR creation, synced from upstream
open-pull-requests-limit: 0
directory: "/"
schedule:
interval: "weekly"