dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard

Published 20 hours ago verified publisher icon dependabot

Update badges to be compatible with the new native GitHub Dependabot

Open CasperWA opened this issue 4 years ago • 16 comments

The otherwise excellent badge (or shield) is currently "failing", writing inactive when moving to the new native GitHub Dependabot system. This sends the wrong message, hence it should be updated to the new system as well.

CasperWA avatar Jun 13 '20 20:06 CasperWA

@CasperWA thanks for reporting this! Adding to our backlog.

feelepxyz avatar Jun 15 '20 11:06 feelepxyz

@feelepxyz do you have a timeframe for a fix?

staticdev avatar Jul 03 '20 20:07 staticdev

I just started migrating repos over to the version of dependabot and ran into this too...

genebean avatar Jul 07 '20 15:07 genebean

@feelepxyz any updates?

barrelful avatar Jul 21 '20 14:07 barrelful

@feelepxyz any updates?

paolocattani avatar Nov 25 '20 13:11 paolocattani

@feelepxyz maybe a good idea to prioritise this in the backlog? As you can see, many projects are dropping dependabot badge which is a great marketing for your work.

staticdev avatar Dec 05 '20 06:12 staticdev

Friendly ping 👈

domdfcoding avatar Feb 14 '21 19:02 domdfcoding

any updates on this?

mgagliardo91 avatar Mar 16 '21 20:03 mgagliardo91

@mgagliardo91 I consider this abandoned.

staticdev avatar Mar 17 '21 08:03 staticdev

This is of greater importance now that there is a date set for Dependabot Preview to shut down.

domdfcoding avatar Apr 30 '21 20:04 domdfcoding

It's not shutdown, you cannot install it anymore. Any news on the badge now? :)

fharper avatar May 16 '21 00:05 fharper

We really need the ability to show a dependabot badge in the README of our private repos because there is otherwise no way to know if Dependabot has been failing or not. If dependabot fails to run (i.e. it lost access to a private repo), it doesn't send any emails or notifications, it just suddenly stops creating new PRs which gives the organization a false sense of security that "everything is fine". I can see why you don't want dependabot sending out warning emails on every check-in that it fails to complete (i.e. you set a limit to the max number of PRs or you've manually edited a PR, etc), but it also seems like a HUGE failure that dependabot can just silently fail for days/weeks and never notify anyone. I don't even get any indication in the daily/weekly summary emails that it's been silently failing because those only summarize active alerts/PRs.

mwaddell avatar Sep 24 '21 20:09 mwaddell

Maybe this could be finally addressed using a custom workflow (see task #4680)?

mwaddell avatar Jan 29 '22 18:01 mwaddell

@feelepxyz any updates for this issue please ?

agneszitte avatar May 17 '22 21:05 agneszitte

@feelepxyz its been many moons. any updates on this?

gagansuie avatar Aug 25 '22 22:08 gagansuie

Let me look into this one and get back to you. We need to make a decision either way on what the plan is, whether to support these going forward or not. I'd personally like to support them, but that would require some engineering work + ongoing maintenance of it, so no promises that we'll be able to do that. And might take me a little time to connect with everyone to figure out a decision. But we need to make a decision so we don't keep you all hanging.

jeffwidman avatar Aug 30 '22 05:08 jeffwidman

I haven't circled back on this because there's been some internal debate on this.

At this point, the general consensus seems to be that we will support these at some point, but that it's not the highest priority so may take a bit longer to get to it.

jeffwidman avatar Nov 24 '22 07:11 jeffwidman

Any updates to this feature request?

SamuelMarks avatar Jan 09 '24 18:01 SamuelMarks