Permit overlapping rules #10160
Labels
L: rust:cargo
Rust crates via cargo
service 💁
Relates to Dependabot features GitHub provides
T: feature-request
Requests for new features
Comments
github-actions
bot
added
L: git:submodules
jonhoo
added a commit
to jonhoo/rust-ci-conf
that referenced
this issue
Jul 7, 2024
This reverts commit dcf6883. Will not work due to dependabot/dependabot-core#10160
|
Worth pointing out that with #4009, I could get pretty close with a single rule with multiple |
jakecoffman
added
service 💁
samlaf
added a commit
to Layr-Labs/hokulea
that referenced
this issue
Dec 15, 2024
Copied https://github.com/anton-rs/kona/blob/main/.github/dependabot.yml We might eventually want to move to something more coarse grained, see dependabot/dependabot-core#10160
samlaf
added a commit
to Layr-Labs/hokulea
that referenced
this issue
Dec 15, 2024
Copied https://github.com/anton-rs/kona/blob/main/.github/dependabot.yml We might eventually want to move to something more coarse grained, see dependabot/dependabot-core#10160
bluthej
pushed a commit
to bluthej/ploc
that referenced
this issue
Dec 29, 2024
This reverts commit dcf68836181145511a35a269e8392d0a0f0c61e1. Will not work due to dependabot/dependabot-core#10160
jimmielovell
added a commit
to jimmielovell/ruts
that referenced
this issue
Feb 6, 2025
* Add one codecov * Merge another codecov * Merge another codecov * Merge another codecov * Merge another codecov * Place codecov config under .github * Add (only) ASAN workflow * Add first coverage workflow * Merge another coverage.yml * Merge another coverage.yml * Add first features workflow * Merge another features workflow * Merge another features workflow * Merge another features workflow * Add (only) loom workflow * Add (only) LSAN workflow * Add first minial workflow * Add (only) miri workflow * Add first msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Add (only) no-std workflow * Add first os-check workflow * Merge another os-check workflow * Add first style workflow * Merge another style workflow * Merge another style workflow * Add first test workflow * Merge another test workflow * Merge another test workflow * Merge another test workflow * Make everything use checkout@v3 * Standardize on 'main' as branch name * Missed a submodule checkout * Add TODOs from twitter thread * Practice what you preach * mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. * Merge safety workflows * Catch upcoming deprecations * More concise name for scheduled jobs * Allow examples and binaries to require features * Use dependabot, but only for major versions * ignore is a list * Notify if actions themselves are outdated * Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Move to maintained rust installer See actions-rs/toolchain#216 * Fix install message for msrv * Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 * Minimal token permissions See tokio-rs/tokio#5072 * Remove -Zmiri-tag-raw-pointers as it's now default * Unbreak cargo hack for non-libraries (#4) * Add action to run doctest. (#3) `cargo test --all-features` does not run doc-tests. For more information see rust-lang/cargo#6669. * chore: automatically cancel superseded Actions runs (#5) * [sanity] More robust injection of opt-level 1 (#9) Fixes #8 * Quote MSRV version to avoid float parsing (#11) Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float? Putting in quotes seems to do the right thing here * Install Openssl for Windows (#12) * Don't install OpenSSL on Windows by default * Bump actions/checkout from 3 to 4 (#13) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: Add documentation based on the youtube video (#10) * Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16) * chore: fix typos (#17) * Remove stray trailing whitespace * replace actions-rs/clippy-check with giraffate/clippy-action (#19) Co-authored-by: rtkay123 <[email protected]> * Semi-breaking: update codecov action Note: this requires adding `CODECOV_TOKEN` to your GitHub repository's secrets! See associated comment in the commit content. * Uniform capitalization * Add cargo-semver-checks * More intelligent dependabot behaviour * Revert "More intelligent dependabot behaviour" This reverts commit dcf6883. Will not work due to dependabot/dependabot-core#10160 * documentation check with `cargo-docs-rs` (#23) * fix shell-check (#24) * Upgrade codecov-action to v5 See codecov/codecov-action#1645. * remove nostd and safety workflows * prepare for release --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Jon Gjengset <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tudyx <[email protected]> Co-authored-by: Burkhard Mittelbach <[email protected]> Co-authored-by: Simen Bekkhus <[email protected]> Co-authored-by: James Chacon <[email protected]> Co-authored-by: Rod Elias <[email protected]> Co-authored-by: Josh McKinney <[email protected]> Co-authored-by: Mathias Pius <[email protected]> Co-authored-by: Anas <[email protected]> Co-authored-by: rtkay123 <[email protected]> Co-authored-by: rtkay123 <[email protected]> Co-authored-by: Charles Edward Gagnon <[email protected]> Co-authored-by: cospectrum <[email protected]>
26 tasks
ShellTux
added a commit
to ShellTux/scanner.rs
that referenced
this issue
Apr 15, 2025
commit fabb82abd53e0052c8b70ae197a80e6203ede26d Author: Jon Gjengset <[email protected]> Date: Tue Nov 19 12:08:56 2024 +0100 Upgrade codecov-action to v5 See codecov/codecov-action#1645. commit c6a836118612ec10478df972f523000eb4387339 Author: cospectrum <[email protected]> Date: Sat Sep 14 11:18:31 2024 +0300 fix shell-check (#24) commit 5ed5ed26c75685740abb4af25c17b18cc091edcf Author: Charles Edward Gagnon <[email protected]> Date: Sun Aug 18 03:28:39 2024 -0400 documentation check with `cargo-docs-rs` (#23) commit 799c99e0cf77d2289ab47e84fa3b8296cfc5beb1 Author: Jon Gjengset <[email protected]> Date: Sun Jul 7 10:18:50 2024 +0200 Revert "More intelligent dependabot behaviour" This reverts commit dcf68836181145511a35a269e8392d0a0f0c61e1. Will not work due to dependabot/dependabot-core#10160 commit dcf68836181145511a35a269e8392d0a0f0c61e1 Author: Jon Gjengset <[email protected]> Date: Sun Jul 7 10:05:52 2024 +0200 More intelligent dependabot behaviour commit 528977532c28ad859bea7ba0cb5e6cb3e0fce56b Author: Jon Gjengset <[email protected]> Date: Sun Mar 31 10:42:53 2024 +0200 Add cargo-semver-checks commit caa3616c250361bac585b6979e5390e403b45097 Author: Jon Gjengset <[email protected]> Date: Sat Feb 3 09:44:41 2024 +0100 Uniform capitalization commit f8f04aefdf3c756e6a769399ce2ac89979338ad0 Author: Jon Gjengset <[email protected]> Date: Sat Feb 3 09:31:12 2024 +0100 Semi-breaking: update codecov action Note: this requires adding `CODECOV_TOKEN` to your GitHub repository's secrets! See associated comment in the commit content. commit f505e09b2a145de0df7445ca0ebe1f98b52ab3bc Author: rtkay123 <[email protected]> Date: Sat Jan 20 11:10:51 2024 +0200 replace actions-rs/clippy-check with giraffate/clippy-action (#19) Co-authored-by: rtkay123 <[email protected]> commit a13691528b3f1918594bfc53db8cf5ad0240c59e Author: Jon Gjengset <[email protected]> Date: Sun Dec 17 18:15:06 2023 +0100 Remove stray trailing whitespace commit 60fdfbb65055e7e852820a75d9cf80b88d020702 Author: Anas <[email protected]> Date: Sun Dec 17 17:52:41 2023 +0200 chore: fix typos (#17) commit 3d6ab95662ede7ae2898cdc7bd5b75668c7b8ca0 Author: Mathias Pius <[email protected]> Date: Sat Nov 11 15:01:33 2023 +0100 Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16) commit bfee1175f6378c9191eca0af88e068ed49d48bef Author: Josh McKinney <[email protected]> Date: Sat Nov 11 01:14:12 2023 -0800 docs: Add documentation based on the youtube video (#10) commit deb9fd3f46de5eebd2583292362a161b1d1c56c4 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Sep 9 16:21:14 2023 +0200 Bump actions/checkout from 3 to 4 (#13) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 7c327ddf5b42f5309f564da8275c789c4a22fdbb Author: Jon Gjengset <[email protected]> Date: Sun Aug 20 15:12:25 2023 +0200 Don't install OpenSSL on Windows by default commit c704bcc656871d37f93f79234c4d530522ac8733 Author: Rod Elias <[email protected]> Date: Sun Aug 20 09:40:15 2023 -0300 Install Openssl for Windows (#12) commit 99f108f93c4f09906a4ddd4506fa4a2cbc68169d Author: James Chacon <[email protected]> Date: Sun Aug 13 03:13:38 2023 -0700 Quote MSRV version to avoid float parsing (#11) Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float? Putting in quotes seems to do the right thing here commit 6332a3af21a58f811a681a98cd44d0f5da8a1891 Author: Jon Gjengset <[email protected]> Date: Mon Apr 24 12:40:14 2023 -0700 [sanity] More robust injection of opt-level 1 (#9) Fixes #8 commit 16a2c2925eb46e24208b20bca567f1e7546f4e2f Author: Simen Bekkhus <[email protected]> Date: Sat Apr 8 18:57:54 2023 +0200 chore: automatically cancel superseded Actions runs (#5) commit 80a89195f2ac9971ecff9d422a6bb83b3f84e0bc Author: Burkhard Mittelbach <[email protected]> Date: Mon Mar 20 01:18:49 2023 +0100 Add action to run doctest. (#3) `cargo test --all-features` does not run doc-tests. For more information see rust-lang/cargo#6669. commit 0d12c82bf4a89014643cd2b7991c63da9dd8b15b Author: Tudyx <[email protected]> Date: Mon Mar 20 01:17:59 2023 +0100 Unbreak cargo hack for non-libraries (#4) commit 5ea59356dc9379a08dff5bf3df3c5016df2ca7f3 Author: Jon Gjengset <[email protected]> Date: Sun Mar 12 09:40:09 2023 -0700 Remove -Zmiri-tag-raw-pointers as it's now default commit a076ec1cb42e88e6444ae7f573570ec53c149074 Author: Jon Gjengset <[email protected]> Date: Sat Mar 11 15:08:45 2023 -0800 Minimal token permissions See tokio-rs/tokio#5072 commit 9afb0e111adcd678ef06884cf737aa9e0cf135e7 Author: Jon Gjengset <[email protected]> Date: Sat Mar 11 15:07:39 2023 -0800 Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 commit 90999e1bd1a9dabaecd149697f69e8e26e810562 Author: Jon Gjengset <[email protected]> Date: Fri Mar 10 21:22:30 2023 -0800 Fix install message for msrv commit 362696ab8007ef1a4779885a398286856cacf555 Author: Jon Gjengset <[email protected]> Date: Fri Mar 10 21:16:35 2023 -0800 Move to maintained rust installer See actions-rs/toolchain#216 commit d6bd5c67a444a379d70a014de537c29dc77f7711 Merge: 82cbed8 c8a7835 Author: Jon Gjengset <[email protected]> Date: Fri Dec 9 19:42:59 2022 -0500 Merge pull request #1 from jonhoo/dependabot/github_actions/codecov/codecov-action-3 Bump codecov/codecov-action from 2 to 3 commit c8a7835b2f0b21d9a64e6a8b0ddc10fbc88e2dd1 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Dec 10 00:25:41 2022 +0000 Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> commit 82cbed84f82e8538cdfc99dcf1b8b2cbab4fb126 Author: Jon Gjengset <[email protected]> Date: Fri Dec 9 16:25:21 2022 -0800 Notify if actions themselves are outdated commit cf47d4cad4b241a30245a51aa1ac7e99e7fedf8a Author: Jon Gjengset <[email protected]> Date: Wed Sep 28 18:23:39 2022 -0700 ignore is a list commit b783cb31ab3c6c27ad826bde44aa917c0d0908da Author: Jon Gjengset <[email protected]> Date: Fri Sep 23 08:53:07 2022 -0700 Use dependabot, but only for major versions commit 441dc27e4d1e365bfc9b0c25e736da6cb1d15102 Author: Jon Gjengset <[email protected]> Date: Sun Sep 18 14:01:04 2022 -0700 Allow examples and binaries to require features commit ea198cc4991e2f869cd99cb8175652576ef15119 Author: Jon Gjengset <[email protected]> Date: Sun Sep 18 13:52:47 2022 -0700 More concise name for scheduled jobs commit 15c1fa2ffcc0f31fabcdcd90cde6a05b54baf8b5 Author: Jon Gjengset <[email protected]> Date: Sun Sep 18 12:10:58 2022 -0700 Catch upcoming deprecations commit 56d4398a24f8c7aae0ba4a74eefaf75d1c3db3a8 Author: Jon Gjengset <[email protected]> Date: Sun Sep 18 11:52:12 2022 -0700 Merge safety workflows commit 71c2048cc0017a84a294be69d3b1629f55b1c8f0 Author: Jon Gjengset <[email protected]> Date: Sun Sep 18 11:44:55 2022 -0700 mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. commit afa25312c9c6cf8748629bd3a5c054a688785dfc Author: Jon Gjengset <[email protected]> Date: Sun Sep 18 11:29:34 2022 -0700 Practice what you preach commit 4859c128823805015dc164d58316dc5b25a69264 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 18:16:21 2022 -0700 Add TODOs from twitter thread commit 87365663b1f49c88c2a3642fece0b2a932001355 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 16:19:55 2022 -0700 Missed a submodule checkout commit 99ddee84ab05f5d5f37ad30a31d18dd7c72050c9 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:47:57 2022 -0700 Standardize on 'main' as branch name commit 0f90a0b77958b3978b6be3997a09ea5cb9b1bd6b Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:47:38 2022 -0700 Make everything use checkout@v3 commit 2de2235ad3803a978e150fca8d38182eb6ed7a9e Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:46:13 2022 -0700 Merge another test workflow commit 971c3fd9eb5f7d80088caaf5647a74b82d40b860 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:42:52 2022 -0700 Merge another test workflow commit 0910d977fc68082220d493bef07bc9d5f2265fc7 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:42:25 2022 -0700 Merge another test workflow commit 8953a88abecc66ea7811766b46aff6a5fd767124 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:42:10 2022 -0700 Add first test workflow commit 3bd8b12ec08910b2609cdfc843474d5b83ff7dbc Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:41:57 2022 -0700 Merge another style workflow commit fe460400ed2259af7e17f5ff51742137623e9e8e Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:41:00 2022 -0700 Merge another style workflow commit bc3f55118617b5ffe1ea479c4f6d7d2167b86d36 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:40:29 2022 -0700 Add first style workflow commit 05dd4680bf90603c70cb7cd406299675441fe59d Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:39:59 2022 -0700 Merge another os-check workflow commit 92379c862376607f7caca04e470c09671922f238 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:39:09 2022 -0700 Add first os-check workflow commit c74ee968a1aafec9e839dee907f0137e6356feff Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:38:56 2022 -0700 Add (only) no-std workflow commit e6ef8e3166b93c22af938872a547e104f2601587 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:38:01 2022 -0700 Merge another msrv workflow commit 1113c895d862ce860c82596cac973ad075ef1ac6 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:37:31 2022 -0700 Merge another msrv workflow commit b60aa5589ac569446a5128453983dee9bb504666 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:37:03 2022 -0700 Merge another msrv workflow commit 9b48ae326374d8d8609a65649026fa09f8a68c7f Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:36:43 2022 -0700 Add first msrv workflow commit 77079d77cb4aa288bda667917667cfaee87bd361 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:36:29 2022 -0700 Add (only) miri workflow commit c65a7c4f87be9ddea9e34eb254f3b6d5933db4ef Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:35:09 2022 -0700 Add first minial workflow commit bf66d94f15b7288f417cfae0eab6542e2e100daf Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:34:43 2022 -0700 Add (only) LSAN workflow commit f67cad0f915deebcdf7ceb89ffdd0925bc910153 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:34:34 2022 -0700 Add (only) loom workflow commit d8c8a99dea99b437eefc56e5b873a863a4446c51 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:33:48 2022 -0700 Merge another features workflow commit 043eb24611b5272a04082d63566837a9efbc71e9 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:32:58 2022 -0700 Merge another features workflow commit 922692a2977a4c93786a0ecbe11fc01501361aad Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:32:32 2022 -0700 Merge another features workflow commit 225ad3978688c093f4670ec04352d465076f39d3 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:31:58 2022 -0700 Add first features workflow commit 1fe2a6d008275efaff56200b8fba5ecc252aa970 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:31:17 2022 -0700 Merge another coverage.yml commit fe6ba380bd39c665e9d9a2153b2dc5287fe25cae Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:29:55 2022 -0700 Merge another coverage.yml commit bbdbd96ec709e3cc83a081cf821fdfffce85ecb5 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:27:38 2022 -0700 Add first coverage workflow commit 11027d3f75ced20536b99225edccf34f286dd4e0 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:27:27 2022 -0700 Add (only) ASAN workflow commit 126c9a3a35d5ac428c22883d36f0aac69d2e20e9 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:25:23 2022 -0700 Place codecov config under .github commit b32648cabb5862b0814ab0abd6d5c81498758270 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:24:02 2022 -0700 Merge another codecov commit 510b69615dd47cb63584976512cb95b265cb22bf Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:23:03 2022 -0700 Merge another codecov commit 7f34f791c0a5c3f2c2ce2ed7e43ff12ed123c62c Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:22:18 2022 -0700 Merge another codecov commit 1b8c3056e6a015949896ca20815719930ec48051 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:21:57 2022 -0700 Merge another codecov commit 1c486b2c73cb2ae896dd77e0f0ec060a47f15cd7 Author: Jon Gjengset <[email protected]> Date: Sat Sep 17 12:10:07 2022 -0700 Add one codecov
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue for this?
Feature description
After a lot of fiddling with dependabot rules for the Rust (well,
cargo) ecosystem over the years, I thought I'd finally arrived at a dependabot configuration that follows Rust's preferred semantics for updates without too much noise:Cargo.toml, and should happen in a timely fashion.Cargo.toml, should happen jointly in a single PR, and should happen on a regular-but-sparse cadence.Unfortunately, no such luck; the setup I'd come up with requires multiple dependabot rules for the
cargopackage ecosystem, and that is disallowed, giving the error:They're not technically overlapping since they have
ignoreclauses that make them distinct, though I suspect it'd be quite difficult to have dependabot check for that property for arbitraryignoreblocks.Ultimately, I'd love to see dependabot approach rules the same way it approaches the new(ish)
groups, specifically:That is, for overlapping rules to be permitted where the first one that matches takes precedence. That would unlock use-cases like mine, which as far as I can tell at least cannot be achieved with dependabot's current configuration structure.
The text was updated successfully, but these errors were encountered: