janhoy commented on code in PR #2880: URL: https://github.com/apache/solr/pull/2880#discussion_r1862722863
########## .github/dependabot.yml: ########## @@ -0,0 +1,83 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # 1. Security updates (daily, no PR limit) + # This configuration is used for security-critical dependency updates. + - package-ecosystem: "gradle" + directory: "/" + # Add target-branch as a workaround to allow two configurations of + # the same package-ecosystem, directory and branch + target-branch: main + schedule: + interval: "daily" + commit-message: + prefix: "[SECURITY]" + labels: + - "dependencies" + - "cat:security" + groups: + all-dependencies: + applies-to: security-updates + patterns: + - "*" + + # 2. Non-security updates (bi-weekly, max 100 PRs) + # This configuration is used for regular dependency updates. + - package-ecosystem: "gradle" + directory: "/" + schedule: + interval: "weekly" + day: + - "tuesday" + - "friday" + commit-message: + prefix: "[DEPENDENCY]" + labels: + - "dependencies" + open-pull-requests-limit: 100 Review Comment: ```suggestion open-pull-requests-limit: 10 ``` Dependabot has no way to set a daily PR rate limit like renovatebot has. So I suggest we start with a lower limit in the beginning, and then increase it when we know that is what we want. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
