scorecard icon indicating copy to clipboard operation
scorecard copied to clipboard
verified publisher icon ossf

Move to Renovate instead of GH Dependabot

Open naveensrinivasan opened this issue 3 years ago • 1 comments

Is your feature request related to a problem? Please describe.

  • We have lots of PRs from Dependabot. This makes it harder to maintain renovate seems to have an option to combine many of these into 1 single PR.
  • Our actions run into rate limiting because at the moment we have about 10-12 Dependabot PRs and every time we merge one we run into every other PR rebase and in turn that causes all our actions to run.
  • Recently https://github.com/slsa-framework https://github.com/slsa-framework/slsa-github-generator started using this to avoid this many PR's.

naveensrinivasan avatar Jul 13 '22 18:07 naveensrinivasan

Is this still something we're considering? Dependabot doesn't appear to have an ETA for the feature https://github.com/github/roadmap/issues/148

spencerschrock avatar Sep 21 '22 19:09 spencerschrock

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] avatar Sep 27 '23 01:09 github-actions[bot]

Note: Grouped updates are a thing for dependabot now, just not across ecosystems (e.g. we'll have one update for our go.mod and one update for our tools/go.mod)

spencerschrock avatar Sep 27 '23 15:09 spencerschrock

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] avatar Dec 15 '23 01:12 github-actions[bot]