Dependabot-core: Does dependabot poll private repositories in live mode?
Description
We have 4 repositories under the same organization with dependabot configured to get auto-updates of dependencies on package.json. We are publishing new versions of packages being used on those package.json every day.
Seems dependabot is running a daily (around 6AM) update even though the configuration we are using for update_schedule is live.
Questions
- Does
dependabotpolls private repositories?
- If so, how often when using
live_update_schedule_?
- If so, how often when using
- Is there something else missing to make it work as expected?
Details
Dependabot's configuration:
version: 1
update_configs:
- package_manager: "javascript"
directory: "/"
update_schedule: "live"
allowed_updates:
- match:
update_type: "all"
dependency_type: "direct"
automerged_updates:
- match:
update_type: "in_range"
version_requirement_updates: "off"
commit_message:
prefix: "chore"
Dependabot's settings:
Thanks
oscard0m
All 2 comments
@dominguezcelada hey Dependabot currently doesn't poll private registries and runs daily. It's only responding to the public changes feed from npm. We would love to add support for live updates from private registries in future, specifically GitHub packages.
feelepxyz
on 10 Feb 2020
👍5
Think this should be made more clear on the website, took me ages to find this.
AyuubAdan
on 25 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings
Related issues
exequiel09
路
4Comments
Spomky
路
4Comments
kubawerlos
路
3Comments
bennycode
路
3Comments
byjrack
路
3Comments
Most helpful comment
@dominguezcelada hey Dependabot currently doesn't poll private registries and runs daily. It's only responding to the public changes feed from npm. We would love to add support for live updates from private registries in future, specifically GitHub packages.