ceph-csi

mirrors/ceph-csi

Fork 0

mirror of https://github.com/ceph/ceph-csi.git synced 2024-09-19 23:19:52 +00:00

Commit Graph

Author	SHA1	Message	Date
Niels de Vos	e08d184984	ci: ignore k8s.io/kubernetes dependencies These dependencies are pulled in by k8s.io/kubernetes with version v0.0.0. It is therefore required to use 'replace' in go.mod to select a compatible version of the additional k8s.io packages. Dependabot does not seem to update packages listed in 'replace', only under 'require'. That means, the version updates done by Dependabot do not have any effect, as the contents is replaced with a different version anyway. Ignoring these packages prevents the creation of non-functional PRs. Signed-off-by: Niels de Vos <ndevos@redhat.com>	2021-08-31 09:03:12 +00:00
Niels de Vos	c17b3f69bd	ci: add dependabot config for updating vendored packages Vendored dependencies need updating on regular basis. This is currently done manually by developers, but it can be automated by Dependabot. By dropping the dependabot.yml config file in the .github/ directory the bot should get enabled. See-also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates Signed-off-by: Niels de Vos <ndevos@redhat.com>	2021-08-30 13:51:49 +00:00

Author

SHA1

Message

Date

Niels de Vos

e08d184984

ci: ignore k8s.io/kubernetes dependencies

These dependencies are pulled in by k8s.io/kubernetes with version
v0.0.0. It is therefore required to use 'replace' in go.mod to select a
compatible version of the additional k8s.io packages.

Dependabot does not seem to update packages listed in 'replace', only
under 'require'. That means, the version updates done by Dependabot do
not have any effect, as the contents is replaced with a different
version anyway. Ignoring these packages prevents the creation of
non-functional PRs.

Signed-off-by: Niels de Vos <ndevos@redhat.com>

2021-08-31 09:03:12 +00:00

Niels de Vos

c17b3f69bd

ci: add dependabot config for updating vendored packages

Vendored dependencies need updating on regular basis. This is currently
done manually by developers, but it can be automated by Dependabot. By
dropping the dependabot.yml config file in the .github/ directory the
bot should get enabled.

See-also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates
Signed-off-by: Niels de Vos <ndevos@redhat.com>

2021-08-30 13:51:49 +00:00

2 Commits