ci: Ignore Dependabot PRs to update tests/constraints.txt (#2010)

* Ignore all dependencies that are under the domain of pip in Dependabot's package ecosystems to avoid automatic security PRs that target tests/constraints.txt, which must remain static for lower bound constraints testing. * Add default labels and reviewers to be applied to PRs from GHA updates from Dependabot.
scikit-hep · Sep 21, 2022 · 37abb3b · 37abb3b
1 parent 0ae9b0e
commit 37abb3b
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,3 +5,16 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    labels:
+      - "github-actions"
+      - "dependencies"
+    reviewers:
+      - "matthewfeickert"
+
+  # Ignore all pip dependencies to avoid PRs to update tests/constraints.txt
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "*"