chore: Disable dependabot on konflux.Dockerfile-s #19802
Skipping CI for Draft Pull Request. |
Hey - I've left some high level feedback:
- If the intent is to exclude all `konflux*.Dockerfile` files repo-wide, consider adding a single `exclude-paths` entry at the highest applicable Docker ecosystem configuration instead of repeating the same pattern across multiple directories to reduce duplication.
- Double-check whether there are any `konflux*.Dockerfile` files outside the listed directories; if so and they should also be ignored by Dependabot, those paths or a broader glob may need to be added here as well.
📝 Walkthrough
This change adds exclusion patterns to Dependabot's Docker package ecosystem configuration, preventing updates for Dockerfile paths matching
🧹 Nitpick comments (1)
.github/dependabot.yaml (1)
284-284: Consider adding a one-line rationale comment next to the first exclusion. This will make the Dependabot/Renovate ownership split explicit and reduce future confusion.
Suggested small clarification
- package-ecosystem: 'docker' directory: 'operator/' + # konflux*.Dockerfile updates are handled by Renovate's dockerfile manager. exclude-paths: [ '**/konflux*.Dockerfile' ]🤖 Prompt for AI Agents
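Review bot: the added comment on the `operator/` entry credits "Renovate's dockerfile manager", while the PR description says these files "are maintained by MintMaker"; name MintMaker in the comment so the rationale in the file matches the stated reason for the change. The suggestion also touches only the first `exclude-paths` line, so the comment should say it applies to every docker entry that repeats the same `'**/konflux*.Dockerfile'` pattern.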
|
/konflux-retest central-db-on-push |
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## master #19802 +/- ##
=======================================
Coverage 49.59% 49.60%
=======================================
Files 2763 2763
Lines 208167 208181 +14
=======================================
+ Hits 103250 103262 +12
- Misses 97252 97254 +2
Partials 7665 7665
|
🚀 Build Images Ready
Images are ready for commit df1c226. To use with deploy scripts: export MAIN_IMAGE_TAG=4.11.x-543-gdf1c2261a7 |
|
/konflux-retest operator-on-push |
|
/konflux-retest operator-bundle-on-push |
3 similar comments
|
@msugakov: The following test failed, say
Description
After noticing these PRs:
- 1fc04e8 to 9e6e193 in /operator #19784
- 69f5c98 to 83006d5 in /scanner/image/scanner #19785
- 69f5c98 to 83006d5 in /image/rhel #19786

We don't need Dependabot to bother about konflux.Dockerfile-s because these are maintained by MintMaker.
I don't know what's changed around dependabot that it began opening those.
Thread for discussion: https://redhat-internal.slack.com/archives/C05TS9N0S7L/p1775143800950659
Used this https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference?learn=dependency_version_updates&learnProduct=code-security#exclude-paths-
User-facing documentation
Testing and quality
Automated testing
No change.
How I validated my change
GitHub seems to validate the file automatically. E.g. https://github.com/stackrox/stackrox/pull/19802/checks?check_run_id=69727150660
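
The review's second point (whether any `konflux*.Dockerfile` sits outside the excluded directories) can be checked mechanically. The sketch below is an added example, not code from this PR or from the stackrox repository. It assumes the `updates:` list has already been parsed into dicts, that a docker entry scans only its own `directory`, and that a leading `**/` in `exclude-paths` matches any depth. The `SAMPLE_*` values and all function names are constructed for illustration.

```python
import fnmatch
from pathlib import PurePosixPath

# Constructed sample mirroring the `updates:` list of a parsed dependabot.yaml.
# Only the 'operator/' entry and its pattern appear on the page; the rest is invented.
SAMPLE_UPDATES = [
    {"package-ecosystem": "docker", "directory": "operator/",
     "exclude-paths": ["**/konflux*.Dockerfile"]},
    {"package-ecosystem": "docker", "directory": "/image/rhel"},  # exclusion missing
    {"package-ecosystem": "gomod", "directory": "/"},
]
# Constructed file list, e.g. what `git ls-files` would print.
SAMPLE_FILES = [
    "operator/konflux.Dockerfile",
    "operator/Dockerfile",
    "image/rhel/konflux.Dockerfile",
    "tools/konflux.test.Dockerfile",
]


def _norm(directory):
    """Normalise a `directory` value ('/operator/', 'operator') to 'operator'."""
    return directory.strip("/") or "."


def _excluded(name, patterns):
    """Assumed semantics: a leading '**/' matches any depth, so only the last
    pattern segment is compared with the file name."""
    return any(fnmatch.fnmatchcase(name, p.rsplit("/", 1)[-1]) for p in patterns)


def audit(files, updates, glob="konflux*.Dockerfile"):
    """Map each repo-relative path whose name matches `glob` to its status."""
    docker = {_norm(u["directory"]): u.get("exclude-paths", [])
              for u in updates if u.get("package-ecosystem") == "docker"}
    report = {}
    for rel in map(PurePosixPath, files):
        if not fnmatch.fnmatchcase(rel.name, glob):
            continue
        if str(rel.parent) not in docker:
            report[str(rel)] = "no docker entry for this directory"
        elif _excluded(rel.name, docker[str(rel.parent)]):
            report[str(rel)] = "excluded"
        else:
            report[str(rel)] = "NOT excluded"
    return report


if __name__ == "__main__":
    for path, status in audit(SAMPLE_FILES, SAMPLE_UPDATES).items():
        print(f"{status:36} {path}")
```

Any path reported as `NOT excluded` is one Dependabot would still open update PRs for under these assumptions.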