Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Opt-in Dependabot version update configuration #94

Closed
svengreb opened this issue May 5, 2022 · 0 comments · Fixed by #95
Closed

Opt-in Dependabot version update configuration #94

svengreb opened this issue May 5, 2022 · 0 comments · Fixed by #95
Labels
context-techstack scope-dx scope-maintainability target-base type-improvement
Milestone
0.11.0

Comments

@svengreb
Copy link
Owner

svengreb commented May 5, 2022

The .github/dependabot.yml Dependabot configuration file for automation version updates that was introduced in #52 often causes a lot of PR noise and does not really help since updates also often require more action than just a bump of the version number itself like migration steps or adjustments to changes (e.g. APIs or deprecated implementations). Since Dependabot is not able to fulfill this and only does a stupid increase of the version number it often creates more work than it helps. The result are often hundreds of notifications and more digital noise for developers and maintainers without any real benefit since version & security updates are done on a regular schedule by maintainers who know what they are doing and how modern software should be maintained.
Therefore the .github/dependabot.yml file will be renamed to .github/dependabot.tmpl.yml to disable Dependabot for this repository while still allowing repositories that are based on this template repository to opt-in.
@svengreb svengreb added this to the Next milestone May 5, 2022
@svengreb svengreb self-assigned this May 5, 2022
@svengreb svengreb modified the milestone: version-next May 5, 2022
svengreb added a commit that referenced this issue May 5, 2022
@svengreb
Opt-in Dependabot version update configuration
6e52790 
The `.github/dependabot.yml` Dependabot configuration file [2] for
automation version updates [1] that was introduced in GH-52 [3] often
causes a lot of PR noise and does not really help since updates also
often require more action than just a bump of the version number itself
like migration steps or adjustments to changes (e.g. APIs or deprecated
implementations). Since Dependabot is not able to fulfill this and only
does a stupid increase of the version number it often creates more work
than it helps. The result are often hundreds of notifications and more
digital noise for developers and maintainers without any real benefit
since version & security updates are done on a regular schedule by
maintainers who know what they are doing and how modern software should
be maintained.
Therefore the `.github/dependabot.yml` file has been renamed to
`.github/dependabot.tmpl.yml` to disable Dependabot for this repository
while still allowing repositories that are based on this template
repository to opt-in.

[1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
[2]: https://github.com/svengreb/tmpl/blob/32925a1f/.github/dependabot.yml
[3]: #52

GH-94
@svengreb svengreb mentioned this issue May 5, 2022
Merged
svengreb added a commit that referenced this issue May 5, 2022
@svengreb
Opt-in Dependabot version update configuration (#95)
d34de53 
The `.github/dependabot.yml` Dependabot configuration file [2] for
automation version updates [1] that was introduced in GH-52 [3] often
causes a lot of PR noise and does not really help since updates also
often require more action than just a bump of the version number itself
like migration steps or adjustments to changes (e.g. APIs or deprecated
implementations). Since Dependabot is not able to fulfill this and only
does a stupid increase of the version number it often creates more work
than it helps. The result are often hundreds of notifications and more
digital noise for developers and maintainers without any real benefit
since version & security updates are done on a regular schedule by
maintainers who know what they are doing and how modern software should
be maintained.
Therefore the `.github/dependabot.yml` file has been renamed to
`.github/dependabot.tmpl.yml` to disable Dependabot for this repository
while still allowing repositories that are based on this template
repository to opt-in.

[1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
[2]: https://github.com/svengreb/tmpl/blob/32925a1f/.github/dependabot.yml
[3]: #52

GH-94
@svengreb svengreb removed their assignment May 5, 2022
@svengreb svengreb mentioned this issue May 8, 2022
Closed
svengreb added a commit to svengreb/tmpl-go that referenced this issue May 8, 2022
@svengreb
Update to tmpl template repository version 0.11.0
069e9ed 
Updated to `tmpl` version `0.11.0` [1] which comes with...

1. an opt-in Dependabot version update configuration [2] - this disabled
   the `.github/dependabot.yml` file [3] in order to remove the PR noise
   and reduce the maintenance overhead. Dependency updates will be made
   by keeping up-to-date with new `tmpl` repository versions instead
   which take care of this.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: svengreb/tmpl#94
[3]: https://github.com/svengreb/tmpl-go/blob/39cf0b85/.github/dependabot.yml

GH-91
svengreb added a commit to svengreb/tmpl-go that referenced this issue May 8, 2022
@svengreb
Update to tmpl template repository version 0.11.0 (#92)
ff40ade 
Updated to `tmpl` version `0.11.0` [1] which comes with...

1. an opt-in Dependabot version update configuration [2] - this disabled
   the `.github/dependabot.yml` file [3] in order to remove the PR noise
   and reduce the maintenance overhead. Dependency updates will be made
   by keeping up-to-date with new `tmpl` repository versions instead
   which take care of this.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: svengreb/tmpl#94
[3]: https://github.com/svengreb/tmpl-go/blob/39cf0b85/.github/dependabot.yml

GH-91
@svengreb svengreb mentioned this issue May 10, 2022
Closed
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 10, 2022
@svengreb
Update to tmpl template repository version 0.11.0
4ac36b2 
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
svengreb added a commit to svengreb/styleguide-markdown that referenced this issue May 10, 2022
@svengreb
Update to tmpl template repository version 0.11.0 (#62)
1641a0b 
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 10, 2022
@svengreb
Update to tmpl template repository version 0.11.0 (#62)
9e3e62e 
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
@svengreb svengreb mentioned this issue May 12, 2022
Closed
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 12, 2022
@svengreb
Update to tmpl template repository version 0.11.0 (#62)
468748f 
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 12, 2022
@svengreb
Update to tmpl template repository version 0.11.0 (#62)
ecb646b 
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-markdown that referenced this issue May 12, 2022
@svengreb
Update to tmpl template repository version 0.11.0 (#62)
c3c8961 
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio pushed a commit to svengreb/styleguide-javascript that referenced this issue May 12, 2022
@svengreb
Update to tmpl template repository version 0.11.0
51155fd 
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].
4. Migrated to Markdown style guide version 0.4.0 [6].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[6]: svengreb/tmpl#76

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-86
arcticicestudio pushed a commit to svengreb/styleguide-javascript that referenced this issue May 12, 2022
@svengreb
Update to tmpl template repository version 0.11.0 (#87)
cacc9fa 
Updated to `tmpl` version `0.11.0` [1], including the versions in
between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].
4. Migrated to Markdown style guide version 0.4.0 [6].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[6]: svengreb/tmpl#76

[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83


Co-authored-by: Sven Greb <[email protected]>

GH-86
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
context-techstack scope-dx scope-maintainability target-base type-improvement
Projects
None yet
Milestone
0.11.0
Development

Successfully merging a pull request may close this issue.

Opt-in Dependabot version update configuration svengreb/tmpl
1 participant
@svengreb