Permit overlapping rules #10160
Labels
L: rust:cargo
Rust crates via cargo
service 💁
Relates to Dependabot features GitHub provides
T: feature-request
Requests for new features
Comments
jonhoo
added a commit
to jonhoo/rust-ci-conf
that referenced
this issue
Jul 7, 2024
This reverts commit dcf6883. Will not work due to dependabot/dependabot-core#10160
|
Worth pointing out that with #4009, I could get pretty close with a single rule with multiple |
samlaf
added a commit
to Layr-Labs/hokulea
that referenced
this issue
Dec 15, 2024
Copied https://github.com/anton-rs/kona/blob/main/.github/dependabot.yml We might eventually want to move to something more coarse grained, see dependabot/dependabot-core#10160
samlaf
added a commit
to Layr-Labs/hokulea
that referenced
this issue
Dec 15, 2024
Copied https://github.com/anton-rs/kona/blob/main/.github/dependabot.yml We might eventually want to move to something more coarse grained, see dependabot/dependabot-core#10160
bluthej
pushed a commit
to bluthej/ploc
that referenced
this issue
Dec 29, 2024
This reverts commit dcf68836181145511a35a269e8392d0a0f0c61e1. Will not work due to dependabot/dependabot-core#10160
jimmielovell
added a commit
to jimmielovell/ruts
that referenced
this issue
Feb 6, 2025
* Add one codecov * Merge another codecov * Merge another codecov * Merge another codecov * Merge another codecov * Place codecov config under .github * Add (only) ASAN workflow * Add first coverage workflow * Merge another coverage.yml * Merge another coverage.yml * Add first features workflow * Merge another features workflow * Merge another features workflow * Merge another features workflow * Add (only) loom workflow * Add (only) LSAN workflow * Add first minial workflow * Add (only) miri workflow * Add first msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Add (only) no-std workflow * Add first os-check workflow * Merge another os-check workflow * Add first style workflow * Merge another style workflow * Merge another style workflow * Add first test workflow * Merge another test workflow * Merge another test workflow * Merge another test workflow * Make everything use checkout@v3 * Standardize on 'main' as branch name * Missed a submodule checkout * Add TODOs from twitter thread * Practice what you preach * mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. * Merge safety workflows * Catch upcoming deprecations * More concise name for scheduled jobs * Allow examples and binaries to require features * Use dependabot, but only for major versions * ignore is a list * Notify if actions themselves are outdated * Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Move to maintained rust installer See actions-rs/toolchain#216 * Fix install message for msrv * Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 * Minimal token permissions See tokio-rs/tokio#5072 * Remove -Zmiri-tag-raw-pointers as it's now default * Unbreak cargo hack for non-libraries (#4) * Add action to run doctest. (#3) `cargo test --all-features` does not run doc-tests. For more information see rust-lang/cargo#6669. * chore: automatically cancel superseded Actions runs (#5) * [sanity] More robust injection of opt-level 1 (#9) Fixes #8 * Quote MSRV version to avoid float parsing (#11) Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float? Putting in quotes seems to do the right thing here * Install Openssl for Windows (#12) * Don't install OpenSSL on Windows by default * Bump actions/checkout from 3 to 4 (#13) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: Add documentation based on the youtube video (#10) * Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16) * chore: fix typos (#17) * Remove stray trailing whitespace * replace actions-rs/clippy-check with giraffate/clippy-action (#19) Co-authored-by: rtkay123 <dev@kanjala.com> * Semi-breaking: update codecov action Note: this requires adding `CODECOV_TOKEN` to your GitHub repository's secrets! See associated comment in the commit content. * Uniform capitalization * Add cargo-semver-checks * More intelligent dependabot behaviour * Revert "More intelligent dependabot behaviour" This reverts commit dcf6883. Will not work due to dependabot/dependabot-core#10160 * documentation check with `cargo-docs-rs` (#23) * fix shell-check (#24) * Upgrade codecov-action to v5 See codecov/codecov-action#1645. * remove nostd and safety workflows * prepare for release --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jon Gjengset <jon@thesquareplanet.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tudyx <56633664+Tudyx@users.noreply.github.com> Co-authored-by: Burkhard Mittelbach <wasabi37a@googlemail.com> Co-authored-by: Simen Bekkhus <sbekkhus91@gmail.com> Co-authored-by: James Chacon <chacon.james@gmail.com> Co-authored-by: Rod Elias <rodiney@gmail.com> Co-authored-by: Josh McKinney <joshka@users.noreply.github.com> Co-authored-by: Mathias Pius <g+github@pius.io> Co-authored-by: Anas <anas.elgarhy.dev@gmail.com> Co-authored-by: rtkay123 <70331483+rtkay123@users.noreply.github.com> Co-authored-by: rtkay123 <dev@kanjala.com> Co-authored-by: Charles Edward Gagnon <76854355+carloskiki@users.noreply.github.com> Co-authored-by: cospectrum <severinalexeyv@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue for this?
Feature description
After a lot of fiddling with dependabot rules for the Rust (well,
cargo) ecosystem over the years, I thought I'd finally arrived at a dependabot configuration that follows Rust's preferred semantics for updates without too much noise:Cargo.toml, and should happen in a timely fashion.Cargo.toml, should happen jointly in a single PR, and should happen on a regular-but-sparse cadence.Unfortunately, no such luck; the setup I'd come up with requires multiple dependabot rules for the
cargopackage ecosystem, and that is disallowed, giving the error:They're not technically overlapping since they have
ignoreclauses that make them distinct, though I suspect it'd be quite difficult to have dependabot check for that property for arbitraryignoreblocks.Ultimately, I'd love to see dependabot approach rules the same way it approaches the new(ish)
groups, specifically:That is, for overlapping rules to be permitted where the first one that matches takes precedence. That would unlock use-cases like mine, which as far as I can tell at least cannot be achieved with dependabot's current configuration structure.
The text was updated successfully, but these errors were encountered: