我可以从 GitHub Dependabot 中排除目录吗?
[英]Can I exclude directories from GitHub Dependabot?
问题描述
I have a directory /experiments in my repo which contains - surprise.
我的仓库中有一个目录/experiments ,其中包含 - surprise。 - experiments. - 实验。 Those usually come with their own package.json which includes dependencies that were up to date at the time I made the experiment but might be outdated by now.这些通常带有自己的package.json ,其中包括在我进行实验时是最新的但现在可能已经过时的依赖项。 I have no intent to keep them up to date as the experiments are just proofs of concepts - concepts I might want to use later in the project but I would then implement anew in the main project.我无意让它们保持最新,因为实验只是概念的证明——我可能想在项目的后期使用这些概念,但我会在主项目中重新实施。
Unfortunately Dependapot sends me a lot of PRs that are about those dependencies in /experiments .不幸的是,Dependapot 向我发送了很多关于/experiments中的依赖项的 PR。 Many of them require manual efforts on my end.其中许多需要我手动操作。 So I would like to tell Dependabot to not send any notifications or create PRs for everything that is in the /experiments directory (but keep creating PRs for dependencies in the main project).所以我想告诉 Dependabot 不要发送任何通知或为/experiments目录中的所有内容创建 PR(但要继续为主项目中的依赖项创建 PR)。
I didn't really find much docs about how to configure Dependabot on GitHub, but I came up with this:我并没有找到太多关于如何在 GitHub 上配置 Dependabot 的文档,但我想到了这个:
/.github/dependabot.yml : /.github/dependabot.yml :
version: 2
updates:
# Ignore experiments:
- package-ecosystem: "npm"
directory: "/experiments"
schedule:
interval: "daily"
ignore:
- dependency-name: "*"
It doesn't seem to work though.虽然它似乎不起作用。 Today I received another PR from Dependabot that bumped one of the dependencies in /experiments .今天我收到了来自 Dependabot 的另一个 PR,该 PR 影响了/experiments中的一个依赖项。 It was automatically merged, so no effort on my end, but still a bit annoying.它是自动合并的,所以我没有任何努力,但仍然有点烦人。
How can I do this right?我该怎么做呢?
1 个解决方案
解决方案1
0 2022-02-04 17:50:03
This doesn't seem possible as of February 2022: https://github.com/dependabot/dependabot-core/issues/4364截至 2022 年 2 月,这似乎是不可能的: https://github.com/dependabot/dependabot-core/issues/4364
解决方案2
-1 已采纳 2021-02-01 09:37:11
I just found the answer in this GitHub Issue: https://github.com/dependabot/dependabot-core/issues/2276我刚刚在这个 GitHub 问题中找到了答案: https://github.com/dependabot/dependabot-core/issues/2276
It says that there is no configuration to exclude folders, but you can include ones on your .github/dependabot.yml config file.它表示没有排除文件夹的配置,但您可以在.github/dependabot.yml配置文件中包含这些配置。 Dependabot will scan only the included folders in its config. Dependabot 将仅扫描其配置中包含的文件夹。
Eg the following configuration will make Dependabot scan only the GitHub Actions in your .github/workflows/ folder, the package.json in the root of your repository and the package.json in the client folder. Eg the following configuration will make Dependabot scan only the GitHub Actions in your .github/workflows/ folder, the package.json in the root of your repository and the package.json in the client folder. With this, the experiments folder won't be scanned.这样, experiments文件夹将不会被扫描。
version: 2
updates:
# --- GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
# --- Root
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
# --- Client package
- package-ecosystem: "npm"
directory: "/client"
schedule:
interval: "daily"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.