stackoom
  简体   繁体   中英

Can I exclude directories from GitHub Dependabot?

 原文  2020-12-13 12:08:38       github/ npm/ automation/ monorepo/ dependabot

Question

I have a directory /experiments in my repo which contains - surprise. - experiments. Those usually come with their own package.json which includes dependencies that were up to date at the time I made the experiment but might be outdated by now. I have no intent to keep them up to date as the experiments are just proofs of concepts - concepts I might want to use later in the project but I would then implement anew in the main project.

Unfortunately Dependapot sends me a lot of PRs that are about those dependencies in /experiments . Many of them require manual efforts on my end. So I would like to tell Dependabot to not send any notifications or create PRs for everything that is in the /experiments directory (but keep creating PRs for dependencies in the main project).

I didn't really find much docs about how to configure Dependabot on GitHub, but I came up with this:

/.github/dependabot.yml : 

version: 2
updates:

  # Ignore experiments:
  - package-ecosystem: "npm"
    directory: "/experiments"
    schedule:
      interval: "daily"
    ignore:
      - dependency-name: "*"

It doesn't seem to work though. Today I received another PR from Dependabot that bumped one of the dependencies in /experiments . It was automatically merged, so no effort on my end, but still a bit annoying.

How can I do this right?

1 answers

solution1
 0  2022-02-04 17:50:03

This doesn't seem possible as of February 2022: https://github.com/dependabot/dependabot-core/issues/4364

solution2
 -1 ACCPTED  2021-02-01 09:37:11

I just found the answer in this GitHub Issue: https://github.com/dependabot/dependabot-core/issues/2276

It says that there is no configuration to exclude folders, but you can include ones on your .github/dependabot.yml config file. Dependabot will scan only the included folders in its config.

Eg the following configuration will make Dependabot scan only the GitHub Actions in your .github/workflows/ folder, the package.json in the root of your repository and the package.json in the client folder. With this, the experiments folder won't be scanned.

version: 2
updates:
  # --- GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

  # --- Root
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
  
  # --- Client package
  - package-ecosystem: "npm"
    directory: "/client"
    schedule:
      interval: "daily"

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question GitHub Actions - Ignore or exclude Dependabot Pull Requests How can I check if Dependabot is enabled for a Repo using Github APIs? Can't resolve github Dependabot alert GitHub Dependabot Doesn't Have Permissions To Publish to GHCR How Can I Give It Access Is dependabot.yml mandatory for GitHub Dependabot? Is there a way to generate a badge for the Dependabot into GitHub? Can I exclude auto-generated files from a pull request in GitHub? Exclude folder from github Github dependabot v2 update on push Exclude sub directories recursively from folder
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM