[dependabot-updates] Overriding the default behavior with dependabot.yml #9027
Conversation
|
@JackTn how does this dependabot configuration file fix the rush issue? |
JackTn
changed the title
|
@weshaggard |
|
@JackTn do we need to override it for all the directories or just the one where the error lives 2 ERROR |
|
@weshaggard To implement Dependabot across all our package directories, including C# projects, Go projects, Python projects, and JavaScript projects, and to address the RushJS issue, we need to set up to override settings for each directory. Do we write all setting into dependabot.yml ? |
|
Through investigation, this repo probably has more than 100 configuration files like package.json ! |
|
Perhaps my assumption is incorrect but I would only expect anything that isn't overridden in the config file to keep the defaults. I really do not want to have to maintain a list of all projects in this file. If we cannot easily override only one directory then I suggest we fix that directory (ie. remove rush and only use plain npm) instead of adding this config file. |
|
Let's test only the one directory overriding. |
|
Looks like the one entry worked and unblocked the dependabot update PRs. https://github.com/Azure/azure-sdk-tools/actions/runs/11042246460/job/30674194826 |
|
I guess I should say it seemed to generate updates for test-gen but it doesn't seem to update others. Also all the test-gen updates seem to be failing CI currently so configuring this as npm doesn't correctly update the rush lock files. I was talking with Ray and he is going to check to see if it is still used and if so move it away from Rush. |
bugfix for dependabot updates errors for rushjs https://github.com/Azure/azure-sdk-tools/actions/workflows/dependabot/dependabot-updates