From e45ea25070a089663c3f376221e396df549c6ab8 Mon Sep 17 00:00:00 2001 From: Eliah Kagan Date: Sun, 10 Nov 2024 23:23:23 -0500 Subject: [PATCH] Remove the old disabled Dependabot configuration In the past (#143), Dependabot version updates had been used to keep `cargo` dependencies up to date. This was removed in favor of doing manual updates based on automatic reports from `cargo deny` and the old `dependabot.yml` was kept but renamed to disable it and point people to #144 to learn about the change. Since then, Dependabot security updates, which are distinct from Dependabot version updates, were enabled (see #1254), and later, Dependabot version updates were reintroduced for GitHub Actions only (#1357). At that point, there were two Dependabot-related YAML files: the old disabled one, and the new one for GHA. This removes the old one, explaining the situation in a comment in the new one, including a link to #144. While doing so, this also adjusts the YAML code style there, to bring it in line with the style of most other YAML files in the repository. --- .github/dependabot.yml | 17 ++++++++++------- .github/dependabot.yml.disabled-see-issue-144 | 8 -------- 2 files changed, 10 insertions(+), 15 deletions(-) delete mode 100644 .github/dependabot.yml.disabled-see-issue-144 diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ce30635aa48..cf081ea3ae5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,9 +1,12 @@ version: 2 updates: -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: weekly - groups: - github-actions: - patterns: ["*"] + # We only use Dependabot *version* updates for GitHub Actions. Rust dependencies are checked via + # `cargo deny` and manually updated (see https://github.com/GitoxideLabs/gitoxide/issues/144), or + # by Dependabot *security* updates (which don't need the `cargo` ecosystem to be listed here). + - package-ecosystem: github-actions + directory: '/' + schedule: + interval: weekly + groups: + github-actions: + patterns: ['*'] diff --git a/.github/dependabot.yml.disabled-see-issue-144 b/.github/dependabot.yml.disabled-see-issue-144 deleted file mode 100644 index c33c8bd8190..00000000000 --- a/.github/dependabot.yml.disabled-see-issue-144 +++ /dev/null @@ -1,8 +0,0 @@ -version: 2 -updates: -- package-ecosystem: cargo - directory: "/" - schedule: - interval: daily - time: "21:00" - open-pull-requests-limit: 10