
Commit 5f1eafd

zkoppert and Copilot committed
docs: update README with full ecosystem list and fix brittle test assertion
Update EXEMPT_ECOSYSTEMS docs to include devcontainers and gradle, add note about ValueError on unrecognized values, and alphabetize the list. Replace brittle result[21] index assertion in trailing comma test with full expected tuple comparison, matching the pattern used by all other tests in the file. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 174421b commit 5f1eafd

2 files changed

Lines changed: 35 additions & 2 deletions


README.md

Lines changed: 1 addition & 1 deletion
@@ -129,7 +129,7 @@ The needed GitHub app permissions are the following under `Repository permission
129129
| `FILTER_VISIBILITY` | False | "public,private,internal" | Use this flag to filter repositories in scope by their visibility (`public`, `private`, `internal`). By default all repository are targeted. ex: to ignore public repositories set this value to `private,internal`. |
130130
| `BATCH_SIZE` | False | None | Set this to define the maximum amount of eligible repositories for every run. This is useful if you are targeting large organizations and you don't want to flood repositories with pull requests / issues. ex: if you want to target 20 repositories per time, set this to 20. |
131131
| `ENABLE_SECURITY_UPDATES` | False | true | If set to true, Evergreen will enable [Dependabot security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) on target repositories. Note that the GitHub token needs to have the `administration:write` permission on every repository in scope to successfully enable security updates. |
132-
| `EXEMPT_ECOSYSTEMS` | False | "" | A list of [package ecosystems](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) to exempt from the generated dependabot configuration. To ignore ecosystems set this to one or more of `bundler`,`cargo`, `composer`, `pip`, `docker`, `npm`, `gomod`, `mix`, `nuget`, `maven`, `github-actions` and `terraform`. ex: if you don't want Dependabot to update Dockerfiles and Github Actions you can set this to `docker,github-actions`. |
132+
| `EXEMPT_ECOSYSTEMS` | False | "" | A list of [package ecosystems](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) to exempt from the generated dependabot configuration. To ignore ecosystems set this to one or more of `bundler`, `cargo`, `composer`, `devcontainers`, `docker`, `github-actions`, `gomod`, `gradle`, `maven`, `mix`, `npm`, `nuget`, `pip` and `terraform`. Unrecognized values will raise a `ValueError`. ex: if you don't want Dependabot to update Dockerfiles and Github Actions you can set this to `docker,github-actions`. |
133133
| `REPO_SPECIFIC_EXEMPTIONS` | False | "" | A list of repositories that should be exempt from specific package ecosystems similar to EXEMPT_ECOSYSTEMS but those apply to all repositories. ex: `org1/repo1:docker,github-actions;org1/repo2:pip` would set exempt_ecosystems for `org1/repo1` to be `['docker', 'github-actions']`, and for `org1/repo2` it would be `['pip']`, while for every other repository evaluated, it would be set by the env variable `EXEMPT_ECOSYSTEMS`. NOTE: If you want specific exemptions to be added on top of the already specified global exemptions, you need to add the global exemptions to each repo specific exemption. |
134134
| `SCHEDULE` | False | `weekly` | Schedule interval by which to check for dependency updates via Dependabot. Allowed values are `daily`, `weekly`, or `monthly` |
135135
| `SCHEDULE_DAY` | False | '' | Scheduled day by which to check for dependency updates via Dependabot. Allowed values are days of the week full names (i.e., `monday`) |
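
Review bot: The added sentence "Unrecognized values will raise a `ValueError`" in the `EXEMPT_ECOSYSTEMS` row leaves out which input forms are accepted: the trailing-comma test touched in this same commit says trailing commas are tolerated, and the row does not say whether matching is case-sensitive or whether surrounding whitespace is trimmed. Suggest stating those rules next to the list, and saying in the `REPO_SPECIFIC_EXEMPTIONS` row whether its per-repository ecosystem values go through the same validation, since that row refers back to `EXEMPT_ECOSYSTEMS`. The old list lacked `devcontainers` and `gradle`, so a hand-maintained list here can drift from what the code accepts; a pointer to the single source of the allowed values would help. Minor: "Github Actions" in the example should read "GitHub Actions".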

test_env.py

Lines changed: 34 additions & 1 deletion
@@ -957,8 +957,41 @@ def test_get_env_vars_exempt_ecosystems_unsupported_ecosystem(self):
957957
)
958958
def test_get_env_vars_exempt_ecosystems_trailing_comma(self):
959959
"""Test that EXEMPT_ECOSYSTEMS tolerates trailing commas"""
960+
expected_result = (
961+
"my_organization",
962+
[],
963+
"", # search_query
964+
None,
965+
None,
966+
b"",
967+
False,
968+
"my_token",
969+
"",
970+
[],
971+
"pull",
972+
"Enable Dependabot",
973+
"Dependabot could be enabled for this repository. \
974+
Please enable it by merging this pull request so that \
975+
we can keep our dependencies up to date and secure.",
976+
"",
977+
False,
978+
"Create/Update dependabot.yaml",
979+
None,
980+
False,
981+
["private", "public"],
982+
None, # batch_size
983+
False, # enable_security_updates
984+
["gomod", "docker"], # exempt_ecosystems
985+
False, # update_existing
986+
{}, # repo_specific_exemptions
987+
"weekly", # schedule
988+
"", # schedule_day
989+
None, # team_name
990+
[], # labels
991+
None,
992+
)
960993
result = get_env_vars(True)
961-
self.assertEqual(result[21], ["gomod", "docker"])
994+
self.assertEqual(result, expected_result)
962995

963996
@patch.dict(
964997
os.environ,
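
Review bot: In the new `expected_result` tuple, the entries before `# batch_size` are almost all unlabeled (`None`, `None`, `b""`, `False`, ...), and the final `None` after `[], # labels` is unlabeled too, so a failure in this full-tuple comparison will be hard to map to a field. Suggest carrying the field-name comments through every element, as is done for `# exempt_ecosystems` and its neighbours. The comparison also makes this trailing-comma test sensitive to every unrelated default, including the backslash-continued body string at new lines 973-975, where any leading whitespace on the continuation lines becomes part of the literal; if the file has a shared expected value or constant for that default text, reusing it would keep the test focused on `["gomod", "docker"]`.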
