ci: disable dependabot PR creation

Dependabot does not need to report available updates for vendored dependencies in the downstream repository. Updates to dependencies are synced from the upstream repository when needed. There is also the "Upstream First" requirement, which we follow closely. See-also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-01-18 10:49:30 +00:00 · 2021-09-01 08:46:09 +02:00 · 2021-09-01 08:46:09 +02:00 · db7bb2c6a0
commit db7bb2c6a0
parent 00dcf5f325
1 changed files with 2 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -3,6 +3,8 @@ version: 2
 enable-beta-ecosystems: true
 updates:
  - package-ecosystem: "gomod"
+    # ODF only: disable PR creation, synced from upstream
+    open-pull-requests-limit: 0
    directory: "/"
    schedule:
      interval: "weekly"