Fix group/ignore rules in dependabot.yml

The original "groups" approach caused inscrutable errors. In digging further I discovered that it also did not do what I thought it did - by "excluding" those dependencies from the group I was opening them up to individual PR updates. This removes the grouping since I can't be bothered to figure out how to make it work, and adds the proper `ignore` key for the dependencies we do not wish to auto-update. The latter can also be updated via @ commands to dependabot but I prefer to keep them catalogued here.
dbt-labs · Dec 20, 2023 · ed6638a · ed6638a
1 parent b9eb43e
commit ed6638a
Showing 1 changed file with 9 additions and 11 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,17 +6,15 @@ updates:
     schedule:
       interval: "weekly"
     rebase-strategy: "disabled"
-    groups:
-      all-dependencies:
-        # Dependabot uses a lot of heuristic matching, so it's not clear if we can separate prod from dev
-        exclude-patterns:
-          # We need to manually maintain all of our dbt and internal MetricFlow sub-package dependencies
-          - "dbt-*"
-          - "metricflow*"
-          # Manually exclude annoying-to-update dev dependencies
-          - "ruff"
-          - "pre-commit"
-          - "black"
+    ignore:
+      # Ignore all updates to dbt and metricflow packages for internal builds
+      - dependency-name: "dbt-*"
+      - dependency-name: "metricflow*"
+      # Manually exclude annoying-to-update dev dependencies
+      - dependency-name: "ruff"
+      - dependency-name: "pre-commit"
+      - dependency-name: "black"
+      - dependency-name: "mypy"
 
   # GitHub actions dependencies
   - package-ecosystem: "github-actions"