More dependabot (#6977)

Apply dependabot to `settings.gradle.kts` and `build.gradle.kts` in a rather roundabout way (see README.md). Currently built on top of #6975
open-telemetry · Oct 26, 2022 · 9d23fd6 · 9d23fd6
1 parent 28459d8
commit 9d23fd6
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -39,6 +39,15 @@ updates:
       interval: "daily"
     open-pull-requests-limit: 10
 
+  - package-ecosystem: "gradle"
+    # need to scope gradle dependency updates down in this repo because most of the instrumentations
+    # intentionally test against old library versions
+    directory: ".github/project-root-duplicates"
+    rebase-strategy: "disabled"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+
   - package-ecosystem: "gradle"
     directory: "/"
     allow:

diff --git a/.github/project-root-duplicates/README.md b/.github/project-root-duplicates/README.md
@@ -0,0 +1,6 @@
+This directory and the two symlinks in it are used by the
+[dependabot configuration](../.github/dependabot.yml), because we can't include the root directory
+in the dependabot scanning since then it will pick up all of the old library versions that we
+intentionally compile and test against.
+
+See https://github.com/dependabot/dependabot-core/issues/4364.
diff --git a/.github/project-root-duplicates/build.gradle.kts b/.github/project-root-duplicates/build.gradle.kts
@@ -0,0 +1 @@
+../../build.gradle.kts
diff --git a/.github/project-root-duplicates/settings.gradle.kts b/.github/project-root-duplicates/settings.gradle.kts
@@ -0,0 +1 @@
+../../settings.gradle.kts