Ignore container changes from dependabot#38344
Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request updates the Dependabot configuration to reduce noise by excluding autogenerated container-related files from dependency update checks within the Python SDK directory. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the Dependabot configuration to exclude specific paths from Python dependency updates. The review feedback correctly identifies that the exclude-paths pattern should be relative to the ecosystem's base directory, suggesting a correction to the path pattern to ensure Dependabot properly ignores the intended files.
| schedule: | ||
| interval: "daily" | ||
| exclude-paths: | ||
| - "/sdks/python/container/**" |
There was a problem hiding this comment.
According to the Dependabot documentation, the patterns in exclude-paths are relative to the directory specified for the ecosystem. Since the directory for this block is already set to /sdks/python (line 23), the exclusion pattern should be relative to that path. Using the full path /sdks/python/container/** will likely cause Dependabot to look for a path relative to the manifest directory, effectively searching for /sdks/python/sdks/python/container/**, which will not match the intended files.
- "container/**"
|
R: @jrmccluskey |
|
Stopping reviewer notifications for this pull request: review requested by someone other than the bot, ceding control. If you'd like to restart, comment |
2 participants
These are all autogenerated, so we shouldn't get patches for them. The only exception is https://github.com/apache/beam/blob/master/sdks/python/container/base_image_requirements_manual.txt which needs manual updates for the most part anyways
Relevant feature doc - https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#exclude-paths-
Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:
addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, commentfixes #<ISSUE NUMBER>instead.CHANGES.mdwith noteworthy changes.See the Contributor Guide for more tips on how to make review process smoother.
To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md
GitHub Actions Tests Status (on master branch)
See CI.md for more information about GitHub Actions CI or the workflows README to see a list of phrases to trigger workflows.