Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependabot configuration for VPA #5567

Merged
merged 2 commits into from
Apr 3, 2023
Merged

Add dependabot configuration for VPA #5567

merged 2 commits into from
Apr 3, 2023

Conversation

voelzmo
Copy link
Contributor

@voelzmo voelzmo commented Mar 6, 2023

What type of PR is this?

What this PR does / why we need it:

Adds dependabot configuration for VPA. We can try to automate updates of the builder golang version and security fixes for the dependencies in go.mod. Recent examples where we did these update by hand are bumping golang to 1.19.5 and updating github.com/emicklei/go-restful/v3.

By setting open-pull-requests-limit: 0, you limit the dependabot updates to security fixes only – these PRs are done with a separate pull-request-limit pool

Which issue(s) this PR fixes:

Fixes #5341

Special notes for your reviewer:

As discussed in the last SIG meeting, let's see if this creates too much noise. We can revisit this in ~4 weeks and can revert this is it is not useful.
As discussed in #5341, we enable this for VPA only at this point in time.

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 6, 2023
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 6, 2023
@jbartosik jbartosik self-assigned this Mar 6, 2023
@jbartosik
Copy link
Collaborator

Looks good to me. I'd like to merge #5536 first to avoid merge conflicts

jbartosik
jbartosik reviewed Mar 10, 2023
View reviewed changes
Copy link
Collaborator

@jbartosik jbartosik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 10, 2023
@voelzmo voelzmo mentioned this pull request Apr 3, 2023
Merged
@gjtempleton
Copy link
Member

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gjtempleton, jbartosik, voelzmo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 3, 2023
@k8s-ci-robot k8s-ci-robot merged commit 9f25a89 into kubernetes:master Apr 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbartosik jbartosik jbartosik approved these changes

@gjtempleton gjtempleton Awaiting requested review from gjtempleton

@MaciekPytel MaciekPytel Awaiting requested review from MaciekPytel

Assignees

@jbartosik jbartosik

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Configure Dependabot security updates?
4 participants
@voelzmo @jbartosik @gjtempleton @k8s-ci-robot