Dependabot ignore some workflow

I have many workflows, eg:


I want to skip at all dependabot updates in one workflow


but all other workflows should be checked.

For github action we provide root directory in configuration for out project:

version: 2
  - package-ecosystem: "github-actions"
    directory: "/"
      interval: "daily"
      - ????

So question is - how to prepare ignore options for such case.


Does the value of the input parameter β€œignore” on your action support filter patterns for paths, or array list?

If it can support filter patterns, you can reference to β€œPatterns to match file paths” to set the patterns.

If it also can support array list, you can list all the paths of the files you want to ignore.

It is not a github action, we are talking about dependabot configuration

For ignore and allow we have: dependency-name and versions.

In my case I don’t want to ignore special dependency but I want to ignore all dependencies from specific workflows.

1 Like


Yeah, I see that.
Looks like, the β€˜ignore’ option only can be used to filter the dependencies defined in the manifest or lock files. And it seems that the settings are applied to the repository by default. We can’t use it to filter the individual workflow.

For your case, maybe you can try like this:

  1. Set up two manifests or lock files in different directories in your repository, one for the workflows you want to ignore, and another for the workflows you want to allow.

  2. In the Dependabot configuration file, you can use the β€˜ignore’ option to ignore all the dependencies in a specified manifest or lock file. Or use the β€˜allow’ option allow all the dependencies in another manifest or lock file.

github action / workflow must be in specific directory
and dependabot lookup for it in this special place

@brightran can you show an example of configuration?

There is issue connected with this topic

If you interested - add some reaction to issue