DiDeNTABOT配置：允许属性不允许依赖依赖的更新

发布于 2025-02-08 12:54:05 字数 1438 浏览 2 评论 0原文

我正在尝试使用允许属性属性自定义哪些依赖项的属性。

研究：`允许`

我看到 允许 属性正在阻止依赖关系的更新，而不是允许更新。同样，允许一个依赖性的是防止所有依赖关系的更新。

例如，我将允许属性添加到允许仅更新一个依赖项POI-OOXML 。我想跳过所有其他依赖项。

  allow:
    - dependency-name: "org.apache.poi:poi-ooxml"

结果：

所有依赖性更新均已跳过。

日志文件：

2022-06-16T20:41:32.4554260Z Checking if org.apache.poi:poi 4.1.1 needs updating
2022-06-16T20:41:32.4554513Z Requirements to unlock own
2022-06-16T20:41:32.4554747Z Updating org.apache.poi:poi is not allowed
2022-06-16T20:41:32.4555148Z Checking if org.apache.poi:poi-ooxml 4.1.1 needs updating
2022-06-16T20:41:32.4555414Z Requirements to unlock own
2022-06-16T20:41:32.4555760Z Updating org.apache.poi:poi-ooxml is not allowed

根据要求添加完整的YAML

version: 2
updates:
- package-ecosystem: maven
  directory: "/xxx"
  target-branch: "xxx"
  open-pull-requests-limit: 10
  allow:
    - dependency-name: "org.apache.poi:poi-ooxml"

原文

I am trying to customize which dependencies are updated using the allow property of Dependabot's configuration YAML.

Research: `allow`

I see that the allow property is preventing update of the dependencies instead of allowing update. Also, an allow for one dependency is preventing update for all dependencies.

For example I added the allow property as below to allow for update of just one dependency poi-ooxml. I want to skip updates to all other dependencies.

  allow:
    - dependency-name: "org.apache.poi:poi-ooxml"

Result:

All dependency updates are skipped.

Log file:

2022-06-16T20:41:32.4554260Z Checking if org.apache.poi:poi 4.1.1 needs updating
2022-06-16T20:41:32.4554513Z Requirements to unlock own
2022-06-16T20:41:32.4554747Z Updating org.apache.poi:poi is not allowed
2022-06-16T20:41:32.4555148Z Checking if org.apache.poi:poi-ooxml 4.1.1 needs updating
2022-06-16T20:41:32.4555414Z Requirements to unlock own
2022-06-16T20:41:32.4555760Z Updating org.apache.poi:poi-ooxml is not allowed

Adding full yaml as requested

version: 2
updates:
- package-ecosystem: maven
  directory: "/xxx"
  target-branch: "xxx"
  open-pull-requests-limit: 10
  allow:
    - dependency-name: "org.apache.poi:poi-ooxml"

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

我爱人 2025-02-15 12:54:05

配置的允许属性：

  allow:
    - dependency-name: "org.apache.poi:poi-ooxml"

应导致文档指定的行为：

使用允许选项来自定义哪些依赖项已更新。
DIDENDABOT检查所有允许的依赖项和，然后过滤任何忽略依赖项或版本。因此，通过匹配的依赖性和忽略将被忽略。
[..]。您可以使用以下选项：
dependency -name - 用于允许使用匹配名称的依赖性更新，可选地使用*匹配零或更多字符。对于Java依赖项，依赖项属性的格式为：groupId：artifactid，例如：org.kohsuke：github-api。

组org.apache.poi的第一个依赖性是不允许的，因为您的允许仅指定 artifact poi-ooooxml 。

如果未在中指定中未指定的话，应允许第二个依赖关系。

日志表明必须有一个覆盖 igaine 如文档中所述：

可以通过将它们添加到中，或者在depportabot打开的拉请请求上忽略@depportabot 命令，可以忽略依赖项。

因此，日志状态“不允许”：

2022-06-16T20:41:32.4554747Z Updating org.apache.poi:poi is not allowed
[..]
2022-06-16T20:41:32.4555760Z Updating org.apache.poi:poi-ooxml is not allowed

The allow property of your configuration:

  allow:
    - dependency-name: "org.apache.poi:poi-ooxml"

Should lead to behavior as specified by the docs:

Use the allow option to customize which dependencies are updated.
Dependabot checks for all allowed dependencies and then filters out any ignored dependencies or versions. So a dependency that is matched by both an allow and an ignore will be ignored.
[..]. You can use the following options:
dependency-name - use to allow updates for dependencies with matching names, optionally using * to match zero or more characters. For Java dependencies, the format of the dependency-name attribute is: groupId:artifactId, for example: org.kohsuke:github-api.

The first dependency of group org.apache.poi is not allowed, because your allow specified only the artifact poi-ooxml.

The second dependency should be allowed if not specified in ignore.

The logs indicate that there must be an overriding ignore like explained in the docs:

Dependencies can be ignored either by adding them to ignore or by using the @dependabot ignore command on a pull request opened by Dependabot.

Thus the logs state "not allowed":

2022-06-16T20:41:32.4554747Z Updating org.apache.poi:poi is not allowed
[..]
2022-06-16T20:41:32.4555760Z Updating org.apache.poi:poi-ooxml is not allowed

回复收藏 0 原文

~没有更多了~