mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
Disable dependabot for auto-request-review for now
because you have to manually update the version tag comment. It feels unsafe to trust third party git tags when you need to pass MATZBOT_GITHUB_TOKEN to it. Git commit sha alone isn't human-readable and I'm reluctant to remove the comment either. It doesn't seem worth the effort to review changes for every release of this action.
This commit is contained in:
Takashi Kokubun
parent
bfc6c1f1cb
commit
b7de04d161
2 changed files with 4 additions and 1 deletions
3
.github/dependabot.yml
vendored
3
.github/dependabot.yml
vendored
|
|
@ -4,3 +4,6 @@ updates:
|
|||
directory: '/'
|
||||
schedule:
|
||||
interval: 'weekly'
|
||||
ignore:
|
||||
# It doesn't update the version comment for us
|
||||
- dependency-name: 'necojackarc/auto-request-review'
|
||||
|
|
|
|||
2
.github/workflows/auto_request_review.yml
vendored
2
.github/workflows/auto_request_review.yml
vendored
|
|
@ -8,7 +8,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Request review based on files changes and/or groups the author belongs to
|
||||
uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.7.0, checking sha
|
||||
uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.8.0, checking sha
|
||||
with:
|
||||
# scope: public_repo
|
||||
token: ${{ secrets.MATZBOT_GITHUB_TOKEN }}
|
||||
|
|
|
|||
Loading…
Reference in a new issue