Use a relative exclude-paths in dependabot.yml and a wildcard
#409
Conversation
This reverts commit 8042826.
exclude-paths in dependabot.yml and a wildcard
|
🤞 |
| directory: "/" | ||
| exclude-paths: | ||
| - "pyperformance/data-files/" | ||
| - "pyperformance/data-files/**" |
There was a problem hiding this comment.
Interesting.. The previous version should have worked as well. May be some regression in how Dependabot is trying to filter paths @hugovk
There was a problem hiding this comment.
One idea is to enable Dependabot in your fork, and then you can iterate more quickly to find a solution? (If there is one :)
There was a problem hiding this comment.
Or maybe this is working?
#411 is an expected update in the top-level pyproject.toml
There was a problem hiding this comment.
Hmm yeah..
I'm not an official maintainer of Dependabot - I just contributed in this file-fetching part, so I can't say in an accurate way what could be the real issue... Right now the logic has been moved away from the FileFetcher, so it could be because of the value of directory, making the exclude-paths relative to it.
Before, it would be relative to the root of the project. I'm not sure if the value for directory forces the "root" be another one (it might be)
Unfortunately, #407 is incorrect, as demonstrated by #408:
/pyperformance/data-files/benchmarks/bm_dulwich_logshould be exluded.It's not exactly clear to me why:
exclude-pathsrelative to thedirectory?exclude-pathsneeds a wildcard?exclude-pathsdoesn't care about security updates?It's impossible to test, and there are three sources of knowledge on the subject:
dependabot.yamlfiles across the Github universe: https://github.com/search?q=path%3Adependabot.yml+exclude-paths&type=codeMy – possibly incorrect – understanding is that 1. is true, 2. is likely true, and 3. is not definite (does "update PR creation" include security?) from reading comments:
dependabot/dependabot-core#4364 (comment)
I think that we can revert #296 once we confirm that it's indeed the fix.