29

I have a directory /experiments in my repo which contains - surprise! - experiments. Those usually come with their own package.json which includes dependencies that were up to date at the time I made the experiment but might be outdated by now. I have no intent to keep them up to date as the experiments are just proofs of concepts - concepts I might want to use later in the project but I would then implement anew in the main project.

Unfortunately Dependapot sends me a lot of PRs that are about those dependencies in /experiments. Many of them require manual efforts on my end. So I would like to tell Dependabot to not send any notifications or create PRs for everything that is in the /experiments directory (but keep creating PRs for dependencies in the main project).

I didn't really find much docs about how to configure Dependabot on GitHub, but I came up with this:

/.github/dependabot.yml:

version: 2
updates:

  # Ignore experiments:
  - package-ecosystem: "npm"
    directory: "/experiments"
    schedule:
      interval: "daily"
    ignore:
      - dependency-name: "*"

It doesn't seem to work though. Today I received another PR from Dependabot that bumped one of the dependencies in /experiments. It was automatically merged, so no effort on my end, but still a bit annoying.

How can I do this right?

Improve this question
4
  • 2
    We have the exact same problem with our proof of concepts and Dependabot. I didn't find any solution for this either.
    – Dominik
    Commented Feb 1, 2021 at 8:43
  • 1
    Just found the solution, see my answer below.
    – Dominik
    Commented Feb 1, 2021 at 9:37
  • 1
    where's your answer @Dominik (:
    – mccc
    Commented Dec 15, 2022 at 17:16
  • 1
    I remember that there was an answer but it was wrong. Maybe they deleted it.
    – Fred
    Commented Jan 6, 2023 at 0:42

1 Answer 1

Reset to default
29

This doesn't seem possible as of May 2023: https://github.com/dependabot/dependabot-core/issues/4364

Improve this answer
2
  • 2
    Thanks for the info! That's a bummer :-| But now at least we know where to lobby for this feature XD
    – Fred
    Commented Feb 5, 2022 at 14:34
  • 1
    For anyone looking to have this feature implemented: there's a feature request to add monorepo support to dependapot and it's gaining tractions. Maybe, if you vote for it and post your use case, it might get higher priority. See: github.com/dependabot/dependabot-core/issues/…
    – Fred
    Commented Dec 27, 2023 at 11:37

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.