Dependabot-core: Project specific configuration for "Automatic PR rebases"

Created on 24 Jul 2018 · 14Comments · Source: dependabot/dependabot-core

I would like to turn on "Automatic PR rebases" for specific projects, not at the global level. Automatic rebasing fits some of our project workflows, but not all. Because of that, we have it disable across the board. I would really like to be able to enable this at the project level.

Source

codebycliff

👍13 ❤2

Most helpful comment

@codebycliff, unfortunately not much, none of the changes required are in the open-source component dependabot-core and will need a few DB migrations. It's part of our plan to deprecate the existing Dependabot dashboard and move all settings to the config file.

feelepxyz on 10 Jan 2020

👍2

All 14 comments

That makes sense to me, and shouldn't be too hard to shift down to the per repo level. I've been swamped getting Go support out, but should have some time to implement it over the next couple of weeks.

greysteil on 26 Jul 2018

👍2

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within seven days. Thank you for your contributions.

stale[bot] on 23 Oct 2019

@greysteil, have you made any progress on this? If not, do you have an idea of where to start if I was to look at contributing?

This is particularly a concern when using paid for CI solutions. Dependabot re-running CI checks without a direct prompt can start to bump up the cost of CI.

TomasBarry on 9 Jan 2020

I just asked this question on another related issue: https://github.com/dependabot/feedback/issues/542. I'd like to know this as well.

codebycliff on 9 Jan 2020

I don't work on Dependabot anymore, or as a developer, so @feelepxyz and team are better placed to answer this one.

greysteil on 9 Jan 2020

@codebycliff 👋 we're planning on moving account-level settings to repo level config files. Haven't set out any timeline for this but hopefully happening in the next few months.

feelepxyz on 9 Jan 2020

Thanks for the reply. Looking forward to it. Is there anything I or anyone else can do to assist in getting this feature out?

codebycliff on 9 Jan 2020

feelepxyz on 10 Jan 2020

👍2

Thanks, @greysteil and @feelepxyz.

TomasBarry on 10 Jan 2020

@feelepxyz Thanks for the update you provided on January 10th. Anything further to share since it's been a few months?

joshuacc on 12 May 2020

We've just launched a beta of Dependabot native to GitHub: https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/

You can set the rebase-strategy using the config file per package manager: https://help.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy

FYI - there's currently no support for private registries or private git dependencies. We're working on adding support for this over the next few months.

feelepxyz on 3 Jun 2020

FYI - there's currently no support for private registries or private git dependencies. We're working on adding support for this over the next few months.

Is there a place I can track this, this is preventing us from migrating because we use private repo as submodules a lot

sfdye on 19 Jun 2020

Is there a place I can track this, this is preventing us from migrating because we use private repo as submodules a lot

You can track this issue: https://github.com/dependabot/dependabot-core/issues/1902

Our main focus for the next few months is adding support for private git repos and private registries. We'll be attempting to automatically migrate your account when it's ready by opening a PR with the updated config file.

feelepxyz on 19 Jun 2020

👍1

Closing this as the rebase-strategy is available in GitHub-native Dependabot: https://help.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy