.github/dependabot.yml: disable eager updates for Go.

Given our development cycle, we'll instead do big-bang updates
after every release, to give time for all the updates to soak in
unstable.

This does _not_ disable dependabot security-critical PRs.

Signed-off-by: David Anderson <danderson@tailscale.com>
pull/3536/head
David Anderson 3 years ago committed by Dave Anderson
parent c0701b130d
commit 9f867ad2c5

@ -2,13 +2,17 @@
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates # https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
version: 2 version: 2
updates: updates:
- package-ecosystem: "gomod" ## Disabled between releases. We reenable it briefly after every
directory: "/" ## stable release, pull in all changes, and close it again so that
schedule: ## the tree remains more stable during development and the upstream
interval: "daily" ## changes have time to soak before the next release.
commit-message: # - package-ecosystem: "gomod"
prefix: "go.mod:" # directory: "/"
open-pull-requests-limit: 100 # schedule:
# interval: "daily"
# commit-message:
# prefix: "go.mod:"
# open-pull-requests-limit: 100
- package-ecosystem: "github-actions" - package-ecosystem: "github-actions"
directory: "/" directory: "/"
schedule: schedule:

Loading…
Cancel
Save