.github/dependabot.yml: disable eager updates for Go.
Given our development cycle, we'll instead do big-bang updates after every release, to give time for all the updates to soak in unstable. This does _not_ disable dependabot security-critical PRs. Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
parent
c0701b130d
commit
9f867ad2c5
|
@ -2,13 +2,17 @@
|
|||
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: "gomod"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
commit-message:
|
||||
prefix: "go.mod:"
|
||||
open-pull-requests-limit: 100
|
||||
## Disabled between releases. We reenable it briefly after every
|
||||
## stable release, pull in all changes, and close it again so that
|
||||
## the tree remains more stable during development and the upstream
|
||||
## changes have time to soak before the next release.
|
||||
# - package-ecosystem: "gomod"
|
||||
# directory: "/"
|
||||
# schedule:
|
||||
# interval: "daily"
|
||||
# commit-message:
|
||||
# prefix: "go.mod:"
|
||||
# open-pull-requests-limit: 100
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
|
|
Loading…
Reference in New Issue