如何禁用或忽略依赖性拉力请求？

发布于 2025-02-04 12:02:59 字数 903 浏览 1 评论 0 原文

我们希望使用Dispenabot了解更新的依赖关系，但是我们不希望Dispenabot自行创建拉动请求，并且不需要自动化构建（我们使用GitHub用于代码，Azure DevOps for Builds）。

文档中没有明确的提示（ https://docs.github.com/en/code-security/depperabot/working-with-with-depparebot/automating-depparebot-with-with-with-github-actions ）我们已经试图排除依赖关系分支，但这并不能以任何形式起作用。

# Azure DevOps Excludes
pr:
  autoCancel: "true"
  branches:
    exclude:
    - dependabot/*
    - dependabot/**/*

我们还发现堆栈溢出上的提示将限制设置为0，但仍创建了PRS

version: 2
updates:
  - directory: "/"
    open-pull-requests-limit: 0

将Displabot用作信息源的可能性吗？

原文

We want to use Dependabot to be informed about updated dependencies, but we do not want Dependabot to create pull requests on its own and do not want automated builds (we use GitHub for Code, Azure DevOps for builds).

There is no clear hint in the docs (https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions) to do this.
We already tried to exclude dependabot branches, but that does not work in any form.

# Azure DevOps Excludes
pr:
  autoCancel: "true"
  branches:
    exclude:
    - dependabot/*
    - dependabot/**/*

We also found the hint on Stack Overflow to set the limit to 0, but still PRs are created

version: 2
updates:
  - directory: "/"
    open-pull-requests-limit: 0

Any possibility to use Dependabot just as information source?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

情丝乱 2025-02-11 12:02:59

转到安全 - ＆GT; DiDeNTABOT - ＆GT;配置 - ＆gt;管理存储库漏洞设置。（这应该将您带到 https://github.com/yourusername/yourusername/yourreponemettings/settings/settings/security_analysis“ /security_analysis 。）
启用了“依赖关系警报”设置，但请确保“ Disporabot版本更新”设置为 disabled 。

如果您先前启用了“ displabot版本更新”，则您将拥有 .github/disterabot.yml repo中的文件，其目的是配置DiDeDabot的自动更新。要禁用它们，请删除 distrabot.yml 。

在图片中：

回复收藏 0 原文

日久见人心 2025-02-11 12:02:59

默认情况下， distrabot 将自动重置拉动请求以解决任何冲突。如果您希望手动处理合并冲突，则可以使用 rebase-Strategy 选项禁用此功能。

对于重列策略，使用禁用禁用自动重新启动。

设置此选项还会影响该软件包管理器清单文件的安全更新的拉动请求，除非您使用 target-Branch 检查非默认分支上的版本更新。

对于 rebase-Strategy 示例，

version: 2

updates:

  - directory: "/"

    schedule:

      interval: "daily"

    # Disable Dependabot pull requests

    rebase-strategy: "disabled"

By default, Dependabot will automatically reset pull requests to resolve any conflicts. If you prefer to handle merge conflicts manually, you can disable this feature with the rebase-strategy option.

For rebase strategies, using disabled to disable automatic rebasing.

Setting this option will also affect pull requests for security updates to this package manager's manifest file, unless you use target-branch to check for version updates on non-default branches.

For rebase-strategy example,

version: 2

updates:

  - directory: "/"

    schedule:

      interval: "daily"

    # Disable Dependabot pull requests

    rebase-strategy: "disabled"

回复收藏 0 原文

~没有更多了~