improv(deps): Decrease the update schedule of aws-cdk and aws-sdk-v3 group in dependabot #4290
Conversation
…d aws-cdk package groups
|
Is there a way to test this before we merge or do we we have to wait a week to see? |
|
As far as I know we can only put the Dependabot config in another test repo's main branch and it'll tell us if the config is valid or not. Beyond that, we'll have to wait for a few days to see if it behaves the way we think. |
|
I was considering this for Python a while ago because I wanted to mitigate the bumps with boto3/stubs as well, but I gave up because of this: dependabot/dependabot-core#1778. I didn't test it at the time and simply gave up, but it seems like this type of configuration isn't valid. But I could be wrong. |
It seems to work now. I saw a similar PR merged into another repository: Enterprise-CMCS/cmcs-eregulations#1773 |
|
I see, thanks for sharing. Agree that I've also seen many quirks with Dependabot over time. I think for this type of CI change it's safe to try merging it and see if it works. If it doesn't, we can always reopen the issue and revert it. Worst things that can happen are that Dependabot continues opening PRs daily or stops entirely, which we'll be able to see from the logs. |
|
Yeah, agreed. |
|
Summary
Updated the
dependabotconfig to limit the frequency of checking for updates for theaws-cdkandaws-sdk-v3groupsChanges
The dependabot config didn't support having
schedulewithin groups. So, I had to do a workaround by creating twopackage-ecosystemconfigs. The first config set with daily updates ignores theaws-cdkandaws-sdk-v3related dependency and the second config set with weekly updates only allows those dependencies.Issue number: closes #4288
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.