I have a directory /experiments
in my repo which contains - surprise. - experiments. Those usually come with their own package.json
which includes dependencies that were up to date at the time I made the experiment but might be outdated by now. I have no intent to keep them up to date as the experiments are just proofs of concepts - concepts I might want to use later in the project but I would then implement anew in the main project.
Unfortunately Dependapot sends me a lot of PRs that are about those dependencies in /experiments
. Many of them require manual efforts on my end. So I would like to tell Dependabot to not send any notifications or create PRs for everything that is in the /experiments
directory (but keep creating PRs for dependencies in the main project).
I didn't really find much docs about how to configure Dependabot on GitHub, but I came up with this:
/.github/dependabot.yml
:
version: 2
updates:
# Ignore experiments:
- package-ecosystem: "npm"
directory: "/experiments"
schedule:
interval: "daily"
ignore:
- dependency-name: "*"
It doesn't seem to work though. Today I received another PR from Dependabot that bumped one of the dependencies in /experiments
. It was automatically merged, so no effort on my end, but still a bit annoying.
How can I do this right?
This doesn't seem possible as of February 2022: https://github.com/dependabot/dependabot-core/issues/4364
I just found the answer in this GitHub Issue: https://github.com/dependabot/dependabot-core/issues/2276
It says that there is no configuration to exclude folders, but you can include ones on your .github/dependabot.yml
config file. Dependabot will scan only the included folders in its config.
Eg the following configuration will make Dependabot scan only the GitHub Actions in your .github/workflows/
folder, the package.json
in the root of your repository and the package.json
in the client
folder. With this, the experiments
folder won't be scanned.
version: 2
updates:
# --- GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
# --- Root
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
# --- Client package
- package-ecosystem: "npm"
directory: "/client"
schedule:
interval: "daily"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.