Dependabot-core: Per repo PR limits
Feature request to be able to specify a PR limit for an entire Github repository.
The specific use case I have where this would be useful is for Terraform configurations.
Terraform configurations are often structured as one or more git repositories that contain multiple terraform "modules". Our example case which is not a large example contains 170 modules. As a side note we have to generate the configuration file using a script due to the large number.
grep terraform config.yaml | wc -l
170
Because the limit appears to work for each of the individual "update_configs/directories" directives, the first run of dependabot against this repo generated 240+ PR's, along with causing issues hitting GitHub API limits.
As such we have had to disable dependabot for Terraform. I believe a global PR limit for a repo plus a resolution for dependabot/feedback#459, would make dependabot usable for Terraform configurations following this standard pattern. For reference a good overview of the rough structure of our Terraform code can be found here
stevenwilliamson
All 7 comments
This is also relevant when working with Heroku review apps. We just hit the 150 apps per team limit due to a lot of dependabot PR's. By limiting the number of PR's only on the repos with review apps activated we could avoid this issue.
dbackeus
on 26 Aug 2019
Just bumping this request. We work in an org with hundreds of repos, and want to be able to have more pull requests open in a time for certain projects, while keeping a lower limit for other projects.
jmccormick11
on 2 Oct 2019
Any update on this?
It would be pretty useful :)
Looks like a duplicate of https://github.com/dependabot/feedback/issues/384
fabiendem
on 14 Jan 2020
I would like to add another support to this request. I found myself in a situation where I want to set a different rate limit setting for a repository, leaving the others as configured in Dependabot's settings.
imdario
on 19 Jun 2020
This is mostly solved by the new config file: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit, which allows you to set an open PR limit per repository, per ecosystem.
infin8x
on 2 Jul 2020
@infin8x I'd like to re-open this issue as I am busy discussing using dependabot for the Kubeflow project. Each PR will create an EKS cluster to run testing on, and some repositories have very many folders with dependencies. While it is possible to set a low limit for every folder, having a global maximum PR limit that overrides the per folder limit would help to prevent reaching the 100 cluster EKS limit and prevent the devs from having an overload of PRs. Another option that has been discussed to try and reduce the overhead of dependabot for large projects or repositories is to have dependabot to group multiple dependencies together into a single PR.
Example, here is the dependabot configuration I have created for one of the repositories. https://github.com/DavidSpek/pipelines/blob/dependabot-config/.github/dependabot.yml
DavidSpek
on 27 Jan 2021
I'm no longer on the Dependabot team, sorry. @hmarr can get you pointed in the right direction.
infin8x
on 28 Jan 2021
Related issues
Spomky
路
4Comments
v1sion
路
3Comments
artzag
路
3Comments
byjrack
路
3Comments
rebelagentm
路
3Comments
Most helpful comment
This is also relevant when working with Heroku review apps. We just hit the 150 apps per team limit due to a lot of dependabot PR's. By limiting the number of PR's only on the repos with review apps activated we could avoid this issue.