mirror of
https://github.com/kopia/kopia.git
synced 2026-03-05 14:57:36 -05:00
chore(ci): disable dependabot and replace with Snyk (#3017)
We are not using dependabot to automatically upgrade our dependencies, instead we will use Snyk to monitor our dependencies and alert us when they need to be upgraded. This should hopefully reduce the noise in our PR process.
This commit is contained in:
Jarek Kowalski
92
.github/auto-merge.yml
vendored
92
.github/auto-merge.yml
vendored
@@ -1,92 +0,0 @@
|
||||
# This file contains rules for auto-approving Dependabot PRs.
|
||||
#
|
||||
# We should only have entries for regularly-delivered updates from reputable vendors
|
||||
# that have been proven to be stable.
|
||||
|
||||
# AWS-provided libraries
|
||||
- match:
|
||||
dependency_name: "github.com/aws/aws-sdk-go"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# golang.org/x
|
||||
- match:
|
||||
dependency_name: "golang.org/x/.*"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# Google-provided libraries
|
||||
- match:
|
||||
dependency_name: "google.golang.org/grpc"
|
||||
update_type: "semver:minor"
|
||||
- match:
|
||||
dependency_name: "google.golang.org/api"
|
||||
update_type: "semver:minor"
|
||||
- match:
|
||||
dependency_name: "google.golang.org/protobuf"
|
||||
update_type: "semver:minor"
|
||||
- match:
|
||||
dependency_name: "cloud.google.com/go/storage"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# minio
|
||||
- match:
|
||||
dependency_name: "github.com/minio/minio-go/v7"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# Playwright test framework
|
||||
- match:
|
||||
dependency_name: "@playwright/test"
|
||||
update_type: "semver:minor"
|
||||
- match:
|
||||
dependency_name: "playwright"
|
||||
update_type: "semver:minor"
|
||||
- match:
|
||||
dependency_name: "playwright-core"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# otel
|
||||
- match:
|
||||
dependency_name: "go.opentelemetry.io/.*"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# chromedp
|
||||
- match:
|
||||
dependency_name: "github.com/chromedp/.*"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# Prometheus
|
||||
- match:
|
||||
dependency_name: "github.com/prometheus/common"
|
||||
update_type: "semver:minor"
|
||||
- match:
|
||||
dependency_name: "github.com/prometheus/client_golang"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# ReactJS
|
||||
- match:
|
||||
dependency_name: "react-scripts"
|
||||
update_type: "semver:patch"
|
||||
|
||||
# test-only dependencies where we have good coverage to auto approve minor updates
|
||||
- match:
|
||||
dependency_name: "github.com/chromedp/chromedp"
|
||||
update_type: "semver:minor"
|
||||
- match:
|
||||
dependency_name: "github.com/stretchr/testify"
|
||||
update_type: "semver:minor"
|
||||
|
||||
- match:
|
||||
dependency_name: "electron-log"
|
||||
update_type: "semver:minor"
|
||||
|
||||
- match:
|
||||
dependency_name: "concurrently"
|
||||
update_type: "semver:minor"
|
||||
|
||||
# DO NOT ADD large electron dependencies here:
|
||||
#
|
||||
# electron
|
||||
# electron-builder
|
||||
# electron-updater
|
||||
#
|
||||
# Those have been known to break in the past and we don't have adequate
|
||||
# coverage to detect regressions in all cases (desktop app installation and upgrade).
|
||||
2
.github/config.yml
vendored
2
.github/config.yml
vendored
@@ -1,2 +0,0 @@
|
||||
PR_TITLE_REGEX: /(feat|fix|breaking|build|chore|docs|style|refactor|test)\((app|cli|server|providers|deps|site|ci|infra|general)\): .*/
|
||||
COMMIT_MESSAGE_REGEX: /(feat|fix|breaking|build|chore|docs|style|refactor|test)\((app|cli|server|providers|deps|site|ci|infra|general)\): .*/
|
||||
9
.github/dependabot.yml
vendored
9
.github/dependabot.yml
vendored
@@ -1,16 +1,7 @@
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: gomod
|
||||
directory: "/"
|
||||
open-pull-requests-limit: 5
|
||||
schedule:
|
||||
interval: daily
|
||||
- package-ecosystem: github-actions
|
||||
directory: "/"
|
||||
open-pull-requests-limit: 3
|
||||
schedule:
|
||||
interval: weekly
|
||||
- package-ecosystem: npm
|
||||
directory: "/app"
|
||||
schedule:
|
||||
interval: monthly
|
||||
|
||||
14
.github/workflows/auto-merge.yml
vendored
14
.github/workflows/auto-merge.yml
vendored
@@ -1,14 +0,0 @@
|
||||
name: auto-merge
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
auto-merge:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: ahmadnassri/action-dependabot-auto-merge@v2
|
||||
with:
|
||||
# auto-merge rules are in /.github/auto-merge.yml
|
||||
github-token: ${{ secrets.AUTO_MERGE_TOKEN }}
|
||||
2
.github/workflows/check-pr-title.yml
vendored
2
.github/workflows/check-pr-title.yml
vendored
@@ -9,4 +9,4 @@ jobs:
|
||||
steps:
|
||||
- uses: deepakputhraya/action-pr-title@master
|
||||
with:
|
||||
regex: '^(feat|fix|breaking|build|chore|docs|style|refactor|test)\((kopiaui|cli|ui|repository|snapshots|server|providers|deps|deps-dev|site|ci|infra|general)\)!{0,1}: .*$'
|
||||
regex: '^(\[Snyk\]|(feat|fix|breaking|build|chore|docs|style|refactor|test)\((kopiaui|cli|ui|repository|snapshots|server|providers|deps|deps-dev|site|ci|infra|general)\)!{0,1}:) .*$'
|
||||
|
||||
Reference in New Issue
Block a user