Hi Michael,

This is a good idea to use a label.

Can dependabot PRs be marked as "Draft" PRs? Maybe another way to prevent.

Also, can a comment to the PR be done from the dependabot action?

My experience with mergify is that less logic is easier to maintain.

Thanks,

Mike

> -----Original Message-----
> From: Michael Kubacki <michael.kuba...@outlook.com>
> Sent: Thursday, November 10, 2022 11:53 AM
> To: devel@edk2.groups.io; Kinney, Michael D <michael.d.kin...@intel.com>; mikub...@linux.microsoft.com
> Cc: Sean Brogan <sean.bro...@microsoft.com>
> Subject: Re: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot
>
> Hi Mike,
>
> One thing that comes to mind, is I can have the PR from dependabot
> automatically have a label added (e.g. "do-not-merge") and then update
> the mergify configuration to prevent merging of PRs with that label.
>
> I can also have a comment automatically added to the PR that explains it
> is only for reference.
>
> I made these changes on my fork in the following commits. What do you think?
>
> - Branch: https://github.com/makubacki/edk2/commits/enable_dependabot
> - Commit 1: https://github.com/makubacki/edk2/commit/7c8331885a9e052084cfdb5d40c845a0efd77248
> - Commit 2: https://github.com/makubacki/edk2/commit/48be17075903cfc5278fd9bb031b965954d15bbb
>
> Thanks,
> Michael
>
> On 11/10/2022 11:44 AM, Michael D Kinney wrote:
> > Hi Michael,
> >
> > Thanks. This feature is really useful to help keep our dependencies up to date.
> >
> > For the EDK II Development Process, the PRs produced by dependabot would only
> > be informative and would never be merged directly. How do we mark these PRs
> > so they are never merged directly with a "push" label?
> >
> > The EDK II Maintainers can monitor these PRs and when there is something that
> > needs to be updated, a developer can produce patches and send reviews
> > with required Signed-off-by and Reviewed-by tags in the commit message.
> >
> > Thanks,
> >
> > Mike
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael > >> Kubacki > >> Sent: Thursday, November 10, 2022 5:47 AM > >> To: devel@edk2.groups.io > >> Cc: Sean Brogan <sean.bro...@microsoft.com>; Kinney, Michael D > >> <michael.d.kin...@intel.com> > >> Subject: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable > >> dependabot > >> > >> From: Michael Kubacki <michael.kuba...@microsoft.com> > >> > >> Enables dependabot in this repo so we can better alerted when > >> dependency updates are available. > >> > >> This GitHub action will automatically create pull requests and > >> summarize the dependency details. Because it is a pull request, > >> the CI system will validate the dependency update in the pull > >> request. > >> > >> Configures dependabot for: > >> > >> 1. PIP module updates > >> 2. Submodule updates > >> 3. GitHub action updates > >> > >> The maintainers/reviewers of the .github directory were added as > >> pull request reviewers so they can be notified when the pull request > >> is available. > >> > >> Cc: Sean Brogan <sean.bro...@microsoft.com> > >> Cc: Michael D Kinney <michael.d.kin...@intel.com> > >> Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com> > >> --- > >> > >> Notes: > >> An example of the pull requests created by this change > >> are available on my edk2 fork: > >> > >> https://github.com/makubacki/edk2/pulls > >> > >> .github/dependabot.yml | 45 ++++++++++++++++++++ > >> 1 file changed, 45 insertions(+) > >> > >> diff --git a/.github/dependabot.yml b/.github/dependabot.yml > >> new file mode 100644 > >> index 000000000000..7f405721fd3d > >> --- /dev/null > >> +++ b/.github/dependabot.yml 
> >> @@ -0,0 +1,45 @@ > >> +## @file > >> +# Dependabot configuration file to enable GitHub services for managing > >> and updating > >> +# dependencies. > >> +# > >> +# Copyright (c) Microsoft Corporation. > >> +# SPDX-License-Identifier: BSD-2-Clause-Patent > >> +# > >> +# Please see the documentation for all configuration options: > >> +# > >> https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates > >> +## > >> +version: 2 > >> +updates: > >> + - package-ecosystem: "pip" > >> + directory: "/" > >> + schedule: > >> + interval: "daily" > >> + commit-message: > >> + prefix: "pip" > >> + reviewers: > >> + - "makubacki" > >> + - "mdkinney" > >> + - "spbrogan" > >> + > >> + - package-ecosystem: "gitsubmodule" > >> + directory: "/" > >> + schedule: > >> + interval: "daily" > >> + commit-message: > >> + prefix: "submodule" > >> + reviewers: > >> + - "makubacki" > >> + - "mdkinney" > >> + - "spbrogan" > >> + > >> + - package-ecosystem: "github-actions" > >> + directory: "/" > >> + schedule: > >> + interval: "weekly" > >> + day: "monday" > >> + commit-message: > >> + prefix: "GitHub Action" > >> + reviewers: > >> + - "makubacki" > >> + - "mdkinney" > >> + - "spbrogan" > >> -- > >> 2.28.0.windows.1 > >> > >> > >> > >> -=-=-=-=-=-= > >> Groups.io Links: You receive all messages sent to this group. > >> View/Reply Online (#96187): https://edk2.groups.io/g/devel/message/96187 > >> Mute This Topic: https://groups.io/mt/94935824/1643496 > >> Group Owner: devel+ow...@edk2.groups.io > >> Unsubscribe: https://edk2.groups.io/g/devel/unsub > >> [michael.d.kin...@intel.com] > >> -=-=-=-=-=-= > >> > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. 
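
Review bot: none of the three `updates` entries in .github/dependabot.yml (pip, gitsubmodule, github-actions) sets a `labels` key, so the pull requests this file generates carry nothing the merge automation can key on, while the thread states they are informative only and must never be merged directly. Consider adding `labels:` with the proposed "do-not-merge" value to each entry, paired with a mergify condition that refuses PRs carrying that label, so the safeguard does not rest on nobody applying the "push" label. Two smaller points: the same three `reviewers` are repeated in every entry as personal usernames, which will drift when the .github maintainers change, and the "daily" interval on pip and gitsubmodule will raise reference-only PRs often, so an explicit `open-pull-requests-limit` per entry would make the intended volume visible in the file.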