Alterantive for dependabot
Created by: rettigl
Dependabot is not the solution. It simply overwrites all limits to dependencies set in the pyproject.toml file. This is not what we want, just update the lock file.
Merge request reports
Activity
Created by: coveralls
Pull Request Test Coverage Report for Build 6605579474
- 0 of 0 changed or added relevant lines in 0 files are covered.
- 2 unchanged lines in 1 file lost coverage.
- Overall coverage decreased (-0.05%) to 90.556%
Files with Coverage Reduction New Missed Lines % sed/calibrator/energy.py 2 91.86% Totals Change from base Build 6566160858: -0.05% Covered Lines: 4296 Relevant Lines: 4744
- Coveralls Created by: zain-sohail
Dependabot is not the solution. It simply overwrites all limits to dependencies set in the pyproject.toml file. This is not what we want, just update the lock file.
I think a solution to this exists here: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy with stragegy being lockfile-only (or possibly another)
Secondly, using groups https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups would allow to have just one PR. I used the wrong keyword https://github.com/OpenCOMPES/sed/blob/0fec74d6ab6e2e9f7c7a645b3dc9aeb538d60b53/.github/dependabot.yml#L8 when it should be production