1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

Disable dependabot for auto-request-review for now

because you have to manually update the version tag comment.
It feels unsafe to trust third party git tags when you need to pass
MATZBOT_GITHUB_TOKEN to it. Git commit sha alone isn't human-readable
and I'm reluctant to remove the comment either. It doesn't seem worth
the effort to review changes for every release of this action.
This commit is contained in:
Takashi Kokubun 2022-10-16 22:47:49 -07:00
parent bfc6c1f1cb
commit b7de04d161
No known key found for this signature in database
GPG key ID: 6FFC433B12EE23DD
2 changed files with 4 additions and 1 deletions

View file

@ -4,3 +4,6 @@ updates:
directory: '/' directory: '/'
schedule: schedule:
interval: 'weekly' interval: 'weekly'
ignore:
# It doesn't update the version comment for us
- dependency-name: 'necojackarc/auto-request-review'

View file

@ -8,7 +8,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Request review based on files changes and/or groups the author belongs to - name: Request review based on files changes and/or groups the author belongs to
uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.7.0, checking sha uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.8.0, checking sha
with: with:
# scope: public_repo # scope: public_repo
token: ${{ secrets.MATZBOT_GITHUB_TOKEN }} token: ${{ secrets.MATZBOT_GITHUB_TOKEN }}