Dependabot-core: How to disable for a fork?

Created on 30 Nov 2020  路  4Comments  路  Source: dependabot/dependabot-core

I enabled Dependabot for a fork (https://github.com/hugovk/pytest), to make sure it was working smoothly before creating a PR to add it upstream (https://github.com/pytest-dev/pytest). Upstream is now using it, it's working well, thanks!

However, I now want to disable Dependabot for my fork but cannot find a way.

https://app.dependabot.com/accounts/hugovk says:

You've successfully migrated pytest to GitHub 馃帀

image

At https://github.com/settings/installations/8631454, Dependabot Preview only has access to other repos:

image

At https://github.com/hugovk/pytest/settings/security_analysis I have everything disabled:

image

Deleting https://github.com/hugovk/pytest/blob/master/.github/dependabot.yml is not an option, because this is a fork, and it needs to be kept in sync with upstream.

How can I disable Dependabot for my fork?

Package manager/ecosystem

Python

Manifest contents prior to update

version: 2
updates:
- package-ecosystem: pip
  directory: "/testing/plugins_integration"
  schedule:
    interval: weekly
    time: "03:00"
  open-pull-requests-limit: 10
  allow:
  - dependency-type: direct
  - dependency-type: indirect

https://github.com/hugovk/pytest/blob/master/.github/dependabot.yml
https://github.com/hugovk/pytest/blob/master/testing/plugins_integration/requirements.txt

bug 馃悶
Source
picture hugovk
👍12

Most helpful comment

@patcon we'll get to it in the next couple of months :/ going to bump it up again with the team and see if we can get to it sooner.

picture feelepxyz on 29 Jan 2021
4 😕3

All 4 comments

This is happening in CPython repo as well which has 17K forks. It would help us greatly if dependabot can be disabled in forks. Thanks.

Mariatta picture Mariatta on 1 Dec 2020
👍4

We're aware of this issue and planning a fix. The workaround for now is to delete the fork and re-create it without enabling Dependabot security updates. Dependabot version updates (setup from config file) isn't enabled by default on new forks but will be if security updates has ever been turned on and since disabled.

feelepxyz picture feelepxyz on 3 Dec 2020
👍4

Thanks for clearly communicating! Any "ish" timeline on this?

(I have unrelated issues in the forks, so deleting and recreating isn't quite as easy as it could be.)

patcon picture patcon on 26 Jan 2021

@patcon we'll get to it in the next couple of months :/ going to bump it up again with the team and see if we can get to it sooner.

feelepxyz picture feelepxyz on 29 Jan 2021
4 😕3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bennycode picture bennycode  路  3Comments
tjwallace picture tjwallace  路  3Comments
v1sion picture v1sion  路  3Comments
kubawerlos picture kubawerlos  路  3Comments
exequiel09 picture exequiel09  路  4Comments