Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Opt-in Dependabot version update configuration #94

Closed
svengreb opened this issue May 5, 2022 · 0 comments · Fixed by #95
Closed

Opt-in Dependabot version update configuration #94

svengreb opened this issue May 5, 2022 · 0 comments · Fixed by #95

Comments

@svengreb
Copy link
Owner

svengreb commented May 5, 2022

The .github/dependabot.yml Dependabot configuration file for automation version updates that was introduced in #52 often causes a lot of PR noise and does not really help since updates also often require more action than just a bump of the version number itself like migration steps or adjustments to changes (e.g. APIs or deprecated implementations). Since Dependabot is not able to fulfill this and only does a stupid increase of the version number it often creates more work than it helps. The result are often hundreds of notifications and more digital noise for developers and maintainers without any real benefit since version & security updates are done on a regular schedule by maintainers who know what they are doing and how modern software should be maintained.
Therefore the .github/dependabot.yml file will be renamed to .github/dependabot.tmpl.yml to disable Dependabot for this repository while still allowing repositories that are based on this template repository to opt-in.

@svengreb svengreb added this to the Next milestone May 5, 2022
@svengreb svengreb self-assigned this May 5, 2022
@svengreb svengreb modified the milestone: version-next May 5, 2022
svengreb added a commit that referenced this issue May 5, 2022
The `.github/dependabot.yml` Dependabot configuration file [2] for
automation version updates [1] that was introduced in GH-52 [3] often
causes a lot of PR noise and does not really help since updates also
often require more action than just a bump of the version number itself
like migration steps or adjustments to changes (e.g. APIs or deprecated
implementations). Since Dependabot is not able to fulfill this and only
does a stupid increase of the version number it often creates more work
than it helps. The result are often hundreds of notifications and more
digital noise for developers and maintainers without any real benefit
since version & security updates are done on a regular schedule by
maintainers who know what they are doing and how modern software should
be maintained.
Therefore the `.github/dependabot.yml` file has been renamed to
`.github/dependabot.tmpl.yml` to disable Dependabot for this repository
while still allowing repositories that are based on this template
repository to opt-in.

[1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
[2]: https://github.com/svengreb/tmpl/blob/32925a1f/.github/dependabot.yml
[3]: #52

GH-94
svengreb added a commit that referenced this issue May 5, 2022
The `.github/dependabot.yml` Dependabot configuration file [2] for
automation version updates [1] that was introduced in GH-52 [3] often
causes a lot of PR noise and does not really help since updates also
often require more action than just a bump of the version number itself
like migration steps or adjustments to changes (e.g. APIs or deprecated
implementations). Since Dependabot is not able to fulfill this and only
does a stupid increase of the version number it often creates more work
than it helps. The result are often hundreds of notifications and more
digital noise for developers and maintainers without any real benefit
since version & security updates are done on a regular schedule by
maintainers who know what they are doing and how modern software should
be maintained.
Therefore the `.github/dependabot.yml` file has been renamed to
`.github/dependabot.tmpl.yml` to disable Dependabot for this repository
while still allowing repositories that are based on this template
repository to opt-in.

[1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
[2]: https://github.com/svengreb/tmpl/blob/32925a1f/.github/dependabot.yml
[3]: #52

GH-94
@svengreb svengreb removed their assignment May 5, 2022
svengreb added a commit to svengreb/tmpl-go that referenced this issue May 8, 2022
Updated to `tmpl` version `0.11.0` [1] which comes with...

1. an opt-in Dependabot version update configuration [2] - this disabled
   the `.github/dependabot.yml` file [3] in order to remove the PR noise
   and reduce the maintenance overhead. Dependency updates will be made
   by keeping up-to-date with new `tmpl` repository versions instead
   which take care of this.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: svengreb/tmpl#94
[3]: https://github.com/svengreb/tmpl-go/blob/39cf0b85/.github/dependabot.yml

GH-91
svengreb added a commit to svengreb/tmpl-go that referenced this issue May 8, 2022
Updated to `tmpl` version `0.11.0` [1] which comes with...

1. an opt-in Dependabot version update configuration [2] - this disabled
   the `.github/dependabot.yml` file [3] in order to remove the PR noise
   and reduce the maintenance overhead. Dependency updates will be made
   by keeping up-to-date with new `tmpl` repository versions instead
   which take care of this.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: svengreb/tmpl#94
[3]: https://github.com/svengreb/tmpl-go/blob/39cf0b85/.github/dependabot.yml

GH-91
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 10, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
svengreb added a commit to svengreb/styleguide-markdown that referenced this issue May 10, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 10, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 12, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 12, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 12, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-javascript that referenced this issue May 12, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].
4. Migrated to Markdown style guide version 0.4.0 [6].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[6]: svengreb/tmpl#76

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-86
arcticicestudio pushed a commit to svengreb/styleguide-javascript that referenced this issue May 12, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].
4. Migrated to Markdown style guide version 0.4.0 [6].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[6]: svengreb/tmpl#76

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83


Co-authored-by: Sven Greb <[email protected]>

GH-86
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant