Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add trivy group for dependabot #6908

Merged
merged 5 commits into from
Jun 13, 2024
Merged

ci: add trivy group for dependabot #6908

merged 5 commits into from
Jun 13, 2024

Conversation

DmitriyLewen
Copy link
Contributor

@DmitriyLewen DmitriyLewen commented Jun 11, 2024
edited
Loading

Description

Add trivy group for dependabot

Test PRs:

Related PRs

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@DmitriyLewen DmitriyLewen requested a review from knqyf263 as a code owner June 11, 2024 11:31
@DmitriyLewen DmitriyLewen self-assigned this Jun 11, 2024
@DmitriyLewen DmitriyLewen mentioned this pull request Jun 11, 2024
Closed
@knqyf263
Copy link
Collaborator

I think trivy-* should be bumped manually. What if just excluding them?

@knqyf263 knqyf263 enabled auto-merge June 13, 2024 03:07
@DmitriyLewen
Copy link
Contributor Author

@knqyf263 I updated this PR.

But dependabot will create separate PR for each trivy- deps (e.g. DmitriyLewen#107)
We can add trivy- deps to ignore field (https://github.com/DmitriyLewen/trivy/blob/b8e4484761a237ec00366a7a259353ba36a391e4/.github/dependabot.yml#L24-L25)
DmitriyLewen#107

wdyt?

@knqyf263 knqyf263 disabled auto-merge June 13, 2024 03:27
@knqyf263
Copy link
Collaborator

But dependabot will create separate PR for each trivy- deps (e.g. DmitriyLewen#107)

@simar7 @nikpivkin @chen-keinan What do you think? You guys have more chances to bump trivy-*. Do you prefer bumping them manually? Or do you want Dependabot to create a PR?

@simar7
Copy link
Member

simar7 commented Jun 13, 2024

But dependabot will create separate PR for each trivy- deps (e.g. DmitriyLewen#107)

@simar7 @nikpivkin @chen-keinan What do you think? You guys have more chances to bump trivy-*. Do you prefer bumping them manually? Or do you want Dependabot to create a PR?

I think I would prefer a manual bump. Sometimes we have to coordinate changes in Trivy and the ancillary repos in a way that they don't cause breakage.

@DmitriyLewen
Copy link
Contributor Author

@knqyf263 ignore trivy-* deps - 23aa926

@knqyf263
Copy link
Collaborator

Tests are still failing?

@DmitriyLewen
Copy link
Contributor Author

First we need to merge #6914.

@knqyf263 knqyf263 added this pull request to the merge queue Jun 13, 2024
Merged via the queue into aquasecurity:main with commit 04ed5ed Jun 13, 2024
12 checks passed
@DmitriyLewen DmitriyLewen deleted the ci-dependabot/trivy-group branch June 13, 2024 09:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees

@DmitriyLewen DmitriyLewen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DmitriyLewen @knqyf263 @simar7