Evgheni Dereveanchin created OVIRT-2870:
-------------------------------------------
Summary: disable dependabot PRs for github repos that are gerrit
mirrors
Key: OVIRT-2870
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2870
Project: oVirt - virtualization made easy
Issue Type: Outage
Reporter: Evgheni Dereveanchin
Assignee: infra
GitHub recently enabled dependabot which automatically sends PRs to bump
versions of libraries that received security updates.
In our case, a lot of repos are just mirrors of gerrit repos so no PRs need to
be sent there.
This ticket is to disable dependabot on such repos. Some examples:
https://github.com/oVirt/ovirt-engine/pulls
https://github.com/oVirt/jenkins/pulls
https://github.com/oVirt/ovirt-vdsmfake/pulls
To disable these PRs it is enough to go to the security tab of the mirror
project and unclick the checkbox in the "Automatic serurity updates" menu
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100121)
_______________________________________________
Infra mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/[email protected]/message/S2NVTH7SHOIW4WVZ7FNOYNULZ5V3HNCY/
