[英]Can I exclude directories from GitHub Dependabot?
I have a directory /experiments
in my repo which contains - surprise.我的仓库中有一个目录
/experiments
,其中包含 - surprise。 - experiments. - 实验。 Those usually come with their own
package.json
which includes dependencies that were up to date at the time I made the experiment but might be outdated by now.这些通常带有自己的
package.json
,其中包括在我进行实验时是最新的但现在可能已经过时的依赖项。 I have no intent to keep them up to date as the experiments are just proofs of concepts - concepts I might want to use later in the project but I would then implement anew in the main project.我无意让它们保持最新,因为实验只是概念的证明——我可能想在项目的后期使用这些概念,但我会在主项目中重新实施。
Unfortunately Dependapot sends me a lot of PRs that are about those dependencies in /experiments
.不幸的是,Dependapot 向我发送了很多关于
/experiments
中的依赖项的 PR。 Many of them require manual efforts on my end.其中许多需要我手动操作。 So I would like to tell Dependabot to not send any notifications or create PRs for everything that is in the
/experiments
directory (but keep creating PRs for dependencies in the main project).所以我想告诉 Dependabot 不要发送任何通知或为
/experiments
目录中的所有内容创建 PR(但要继续为主项目中的依赖项创建 PR)。
I didn't really find much docs about how to configure Dependabot on GitHub, but I came up with this:我并没有找到太多关于如何在 GitHub 上配置 Dependabot 的文档,但我想到了这个:
/.github/dependabot.yml
: /.github/dependabot.yml
:
version: 2
updates:
# Ignore experiments:
- package-ecosystem: "npm"
directory: "/experiments"
schedule:
interval: "daily"
ignore:
- dependency-name: "*"
It doesn't seem to work though.虽然它似乎不起作用。 Today I received another PR from Dependabot that bumped one of the dependencies in
/experiments
.今天我收到了来自 Dependabot 的另一个 PR,该 PR 影响了
/experiments
中的一个依赖项。 It was automatically merged, so no effort on my end, but still a bit annoying.它是自动合并的,所以我没有任何努力,但仍然有点烦人。
How can I do this right?我该怎么做呢?
This doesn't seem possible as of February 2022: https://github.com/dependabot/dependabot-core/issues/4364截至 2022 年 2 月,这似乎是不可能的: https://github.com/dependabot/dependabot-core/issues/4364
I just found the answer in this GitHub Issue: https://github.com/dependabot/dependabot-core/issues/2276我刚刚在这个 GitHub 问题中找到了答案: https://github.com/dependabot/dependabot-core/issues/2276
It says that there is no configuration to exclude folders, but you can include ones on your .github/dependabot.yml
config file.它表示没有排除文件夹的配置,但您可以在
.github/dependabot.yml
配置文件中包含这些配置。 Dependabot will scan only the included folders in its config. Dependabot 将仅扫描其配置中包含的文件夹。
Eg the following configuration will make Dependabot scan only the GitHub Actions in your .github/workflows/
folder, the package.json
in the root of your repository and the package.json
in the client
folder. Eg the following configuration will make Dependabot scan only the GitHub Actions in your
.github/workflows/
folder, the package.json
in the root of your repository and the package.json
in the client
folder. With this, the experiments
folder won't be scanned.这样,
experiments
文件夹将不会被扫描。
version: 2
updates:
# --- GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
# --- Root
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
# --- Client package
- package-ecosystem: "npm"
directory: "/client"
schedule:
interval: "daily"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.