disable dependabot PRs for github repos that are gerrit mirrors

Description

GitHub recently enabled dependabot which automatically sends PRs to bump versions of libraries that received security updates.

In our case, a lot of repos are just mirrors of gerrit repos so no PRs need to be sent there.
This ticket is to disable dependabot on such repos. Some examples:
https://github.com/oVirt/ovirt-engine/pulls
https://github.com/oVirt/jenkins/pulls
https://github.com/oVirt/ovirt-vdsmfake/pulls

To disable these PRs it is enough to go to the security tab of the mirror project and unclick the checkbox in the "Automatic security updates" menu.

Activity

Evgheni Dereveanchin
March 11, 2020, 9:54 AM

This means you don’t have admin rights on the oVirt organization. Please share your github handle and I’ll add you.

Krapali Rai
March 11, 2020, 1:19 PM

Hi ,

My github handle is

Krapali Rai
March 11, 2020, 2:13 PM
Evgheni Dereveanchin
March 11, 2020, 2:26 PM
Edited

Thanks! When you have time - could you look through all the repos at that are marked as “This is a mirror for http://gerrit.ovirt.org” and disable auto-PRs there? We should also update the docs on creating github mirrors to disable this feature upon creation of any new mirror repo.

This is a low-priority task at the moment.

Krapali Rai
March 16, 2020, 1:31 PM

Disabled dependabot on all repos that are marked as “This is a mirror for http://gerrit.ovirt.org”.
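
The cleanup requested in this ticket, scripted against the GitHub REST API as an added example (not part of the ticket or of oVirt's tooling). It assumes a token with admin rights on the organization; the function names and the sample repository descriptions are constructed for illustration.

```python
import json
import urllib.request

API = "https://api.github.com"
MIRROR_MARKER = "This is a mirror for http://gerrit.ovirt.org"  # text quoted in the ticket

def _headers(token):
    return {"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"}

def select_mirrors(repos):
    """Return sorted names of repos whose description carries the mirror marker."""
    marker = MIRROR_MARKER.lower()
    # The API returns description=None for repos without one, so guard against it.
    return sorted(r["name"] for r in repos if marker in (r.get("description") or "").lower())

def build_disable_request(org, repo, token):
    """DELETE .../automated-security-fixes turns off Dependabot security-update PRs."""
    url = f"{API}/repos/{org}/{repo}/automated-security-fixes"
    return urllib.request.Request(url, method="DELETE", headers=_headers(token))

def list_org_repos(org, token):
    """Page through GET /orgs/{org}/repos (100 per page) until an empty page."""
    repos, page = [], 1
    while True:
        url = f"{API}/orgs/{org}/repos?per_page=100&page={page}"
        with urllib.request.urlopen(urllib.request.Request(url, headers=_headers(token))) as resp:
            batch = json.load(resp)
        if not batch:
            return repos
        repos.extend(batch)
        page += 1

def disable_on_mirrors(org, token, dry_run=True):
    """Disable security-update PRs on every mirror; dry_run only lists the targets."""
    targets = select_mirrors(list_org_repos(org, token))
    for name in targets:
        if not dry_run:
            urllib.request.urlopen(build_disable_request(org, name, token)).close()
    return targets

# Constructed sample data (not real API output) for checking the filter offline.
SAMPLE = [
    {"name": "ovirt-engine", "description": "This is a mirror for http://gerrit.ovirt.org"},
    {"name": "jenkins", "description": "this is a mirror for http://gerrit.ovirt.org (CI)"},
    {"name": "native-project", "description": "Developed directly on GitHub"},
    {"name": "no-description", "description": None},
]
```

Running `disable_on_mirrors` with `dry_run=True` first gives a list of targets to review, so repositories that are developed directly on GitHub keep their security-update PRs.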

Fixed

Assignee

Krapali Rai

Reporter

Evgheni Dereveanchin

Blocked By

None

Priority

Low