Skip to content

Commit

Permalink
ci: disable dependabot PR creation
Browse files Browse the repository at this point in the history
Dependabot does not need to report available updates for vendored
dependencies in the downstream repository. Updates to dependencies are
synced from the upstream repository when needed. There is also the
"Upstream First" requirement, which we follow closely.

See-also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit
Signed-off-by: Niels de Vos <[email protected]>
(cherry picked from commit 6e4f4ba)
nixpanic authored and Rakshith-R committed May 6, 2022
1 parent 27c9be9 commit 945da36
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -2,6 +2,8 @@
version: 2
updates:
- package-ecosystem: "gomod"
# ODF only: disable PR creation, synced from upstream
open-pull-requests-limit: 0
directory: "/"
schedule:
interval: "weekly"

0 comments on commit 945da36

Please sign in to comment.