From f9de453efc198b6e993af8922f953a7e5322dc5f Mon Sep 17 00:00:00 2001
From: Jarek Kowalski
Date: Fri, 5 May 2023 14:48:24 -0700
Subject: [PATCH] chore(ci): disable dependabot and replace with Snyk (#3017)

We are not using dependabot to automatically upgrade our dependencies, instead we will use Snyk to monitor our dependencies and alert us when they need to be upgraded. This should hopefully reduce the noise in our PR process.
---
 .github/auto-merge.yml | 92 ----------------------------
 .github/config.yml | 2 -
 .github/dependabot.yml | 9 ---
 .github/workflows/auto-merge.yml | 14 -----
 .github/workflows/check-pr-title.yml | 2 +-
 5 files changed, 1 insertion(+), 118 deletions(-)
 delete mode 100644 .github/auto-merge.yml
 delete mode 100644 .github/config.yml
 delete mode 100644 .github/workflows/auto-merge.yml

diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml
deleted file mode 100644
index 01088fa97..000000000
--- a/.github/auto-merge.yml
+++ /dev/null
@@ -1,92 +0,0 @@
-# This file contains rules for auto-approving Dependabot PRs.
-#
-# We should only have entries for regularly-delivered updates from reputable vendors
-# that have been proven to be stable.
-
-# AWS-provided libraries
-- match:
- dependency_name: "github.com/aws/aws-sdk-go"
- update_type: "semver:minor"
-
-# golang.org/x
-- match:
- dependency_name: "golang.org/x/.*"
- update_type: "semver:minor"
-
-# Google-provided libraries
-- match:
- dependency_name: "google.golang.org/grpc"
- update_type: "semver:minor"
-- match:
- dependency_name: "google.golang.org/api"
- update_type: "semver:minor"
-- match:
- dependency_name: "google.golang.org/protobuf"
- update_type: "semver:minor"
-- match:
- dependency_name: "cloud.google.com/go/storage"
- update_type: "semver:minor"
-
-# minio
-- match:
- dependency_name: "github.com/minio/minio-go/v7"
- update_type: "semver:minor"
-
-# Playwright test framework
-- match:
- dependency_name: "@playwright/test"
- update_type: "semver:minor"
-- match:
- dependency_name: "playwright"
- update_type: "semver:minor"
-- match:
- dependency_name: "playwright-core"
- update_type: "semver:minor"
-
-# otel
-- match:
- dependency_name: "go.opentelemetry.io/.*"
- update_type: "semver:minor"
-
-# chromedp
-- match:
- dependency_name: "github.com/chromedp/.*"
- update_type: "semver:minor"
-
-# Prometheus
-- match:
- dependency_name: "github.com/prometheus/common"
- update_type: "semver:minor"
-- match:
- dependency_name: "github.com/prometheus/client_golang"
- update_type: "semver:minor"
-
-# ReactJS
-- match:
- dependency_name: "react-scripts"
- update_type: "semver:patch"
-
-# test-only dependencies where we have good coverage to auto approve minor updates
-- match:
- dependency_name: "github.com/chromedp/chromedp"
- update_type: "semver:minor"
-- match:
- dependency_name: "github.com/stretchr/testify"
- update_type: "semver:minor"
-
-- match:
- dependency_name: "electron-log"
- update_type: "semver:minor"
-
-- match:
- dependency_name: "concurrently"
- update_type: "semver:minor"
-
-# DO NOT ADD large electron dependencies here:
-#
-# electron
-# electron-builder
-# electron-updater
-#
-# Those have been known to break in the past and we don't have adequate
-# coverage to detect regressions in all cases (desktop app installation and upgrade).
\ No newline at end of file
diff --git a/.github/config.yml b/.github/config.yml
deleted file mode 100644
index 8afbfd7aa..000000000
--- a/.github/config.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-PR_TITLE_REGEX: /(feat|fix|breaking|build|chore|docs|style|refactor|test)\((app|cli|server|providers|deps|site|ci|infra|general)\): .*/
-COMMIT_MESSAGE_REGEX: /(feat|fix|breaking|build|chore|docs|style|refactor|test)\((app|cli|server|providers|deps|site|ci|infra|general)\): .*/
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7d82b5ec9..621eb4d71 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,16 +1,7 @@
 version: 2
 updates:
- - package-ecosystem: gomod
- directory: "/"
- open-pull-requests-limit: 5
- schedule:
- interval: daily
 - package-ecosystem: github-actions
 directory: "/"
 open-pull-requests-limit: 3
 schedule:
 interval: weekly
- - package-ecosystem: npm
- directory: "/app"
- schedule:
- interval: monthly
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
deleted file mode 100644
index 665ef373a..000000000
--- a/.github/workflows/auto-merge.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: auto-merge
-
-on:
- pull_request:
-
-jobs:
- auto-merge:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: ahmadnassri/action-dependabot-auto-merge@v2
- with:
- # auto-merge rules are in /.github/auto-merge.yml
- github-token: ${{ secrets.AUTO_MERGE_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml
index b7909b85e..1cb0f1d04 100644
--- a/.github/workflows/check-pr-title.yml
+++ b/.github/workflows/check-pr-title.yml
@@ -9,4 +9,4 @@ jobs:
 steps:
 - uses: deepakputhraya/action-pr-title@master
 with:
- regex: '^(feat|fix|breaking|build|chore|docs|style|refactor|test)\((kopiaui|cli|ui|repository|snapshots|server|providers|deps|deps-dev|site|ci|infra|general)\)!{0,1}: .*$'
+ regex: '^(\[Snyk\]|(feat|fix|breaking|build|chore|docs|style|refactor|test)\((kopiaui|cli|ui|repository|snapshots|server|providers|deps|deps-dev|site|ci|infra|general)\)!{0,1}:) .*$'
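Review bot: The new `\[Snyk\]` alternative in `regex` is matched on title text alone, so any pull request whose title starts with `[Snyk] ` now passes the title check no matter who opened it. If the exemption is meant only for Snyk-generated PRs, keep the original regex and skip the check by author instead, e.g. a job-level `if: github.event.pull_request.user.login != '<snyk-bot-login>'` (placeholder for the account Snyk uses in this repository). The context line `- uses: deepakputhraya/action-pr-title@master` also follows a mutable branch, so the code this job runs can change without any commit here; pinning it as `- uses: deepakputhraya/action-pr-title@<full-commit-sha>` would make that reviewable. The job definition starts above the hunk, so where the `if:` belongs is not visible here.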