disable dependabot PRs for github repos that are gerrit mirrors

Description

GitHub recently enabled dependabot which automatically sends PRs to bump versions of libraries that received security updates.

In our case, a lot of repos are just mirrors of gerrit repos so no PRs need to be sent there.
This ticket is to disable dependabot on such repos. Some examples:
https://github.com/oVirt/ovirt-engine/pulls
https://github.com/oVirt/jenkins/pulls
https://github.com/oVirt/ovirt-vdsmfake/pulls

To disable these PRs it is enough to go to the security tab of the mirror project and unclick the checkbox in the "Automatic serurity updates" menu

Activity

Show:

Evgheni Dereveanchin

March 11, 2020, 9:54 AM

Copy link to comment

This means you don’t have admin right on the oVirt organization. Please share your github handle and I’ll add you.

Krapali Rai

March 11, 2020, 1:19 PM

Copy link to comment

Hi ,

My github handle is

Krapali Rai

March 11, 2020, 2:13 PM

Copy link to comment

Disabled dependabot on below repos:
https://github.com/oVirt/ovirt-engine/pulls
https://github.com/oVirt/jenkins/pulls
https://github.com/oVirt/ovirt-vdsmfake/pulls

Evgheni Dereveanchin

March 11, 2020, 2:26 PM

Edited

Copy link to comment

Thanks! When you have time - could you look through all the repos at that are marked as “This is a mirror for http://gerrit.ovirt.org“ and disable auto-PRs there? We should also update the docs on creating github mirrors to disable this feature upon creation of any new mirror repo.

This is a low-priority task at the moment.

Krapali Rai

March 16, 2020, 1:31 PM

Copy link to comment

Disabled dependabot all repos that are marked as “This is a mirror for http://gerrit.ovirt.org“.

Fixed

Assignee

Krapali Rai

Reporter

Evgheni Dereveanchin

Blocked By

None

Priority

Low

Configure

All Projects

disable dependabot PRs for github repos that are gerrit mirrors

Description

Activity

Assignee

Reporter

Blocked By

Priority