Dependabot does not respect open pull request limit #1460

Open
Patrick-3000 opened this issue Nov 14, 2024 · 2 comments · May be fixed by #1461

Comments

@Patrick-3000

We upgraded from Dependabot version 1 to version 2. Since then, Dependabot does not respect the

open-pull-requests-limit: 20

for the npm ecosystem and created 135 PRs yesterday.

@sgabler-solytic

Same for us. We are in the nuget ecosystem. 1 PR should be created, but 25 got created.

run-dependabot.yml

# Docs: https://marketplace.visualstudio.com/items?itemName=tingle-software.dependabot
# - also check out the related file in .azuredevops/dependabot.yml
trigger: none # Disable CI trigger

schedules:
  - cron: '30 6 * * 1-5'
    always: true
    branches:
      include:
        - develop
    batch: true
    displayName: Run dependabot every weekday

jobs:
  - job: dependabotUpdate
    displayName: Dependabot Update Job
    timeoutInMinutes: 180 # 60 minutes was previously not enough in some cases
    pool:
      vmImage: 'ubuntu-latest' # requires macos or ubuntu (windows is not supported)
    steps:
      - task: dependabot@2
        inputs:
          setAutoComplete: false # "true" failed with "403 Forbidden", could maybe be fixed by changing some permissions

dependabot.yml

# Docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
# - this file is expected to be located at /.azuredevops/dependabot.yml
# - also check out the related file in /pipelines/run-dependabot.yml
version: 2
updates:
  - package-ecosystem: "nuget"
    directory: "/"
    schedule:
      interval: "daily"
    target-branch: "develop"
    open-pull-requests-limit: 1 # let's start low, we can increase this later
    commit-message:
      prefix: "🤖"
    ignore:
      - dependency-name: "*"
        update-types: [ "version-update:semver-major" ] # Ignore major version updates
    groups:
      # Define groups that should be updated together
      application-insights:
        patterns:
          - "Microsoft.ApplicationInsights*"
      ef-core:
        patterns:
          - "Microsoft.EntityFrameworkCore*"
      event-hubs:
        patterns:
          - "Azure.Messaging.EventHubs*"
      hot-chocolate:
        patterns:
          - "HotChocolate*"
      nsubstitute:
        patterns:
          - "NSubstitute*"
      xunit:
        patterns:
          - "xunit*"

@rhyskoedijk rhyskoedijk linked a pull request Nov 17, 2024 that will close this issue
@rhyskoedijk
Contributor

@Patrick-3000 and @sgabler-solytic, thanks for the reports.
This will be fixed in #1461.
