How can you make dependabot ignore unstable nginx releases (odd verison numbers)?

28 views Asked by At

ngingx has a weird versioning schema:

mainline: Mainline is the active development branch where the latest features and bug fixes get added. It is denoted by an odd number in the second part of the version number, for example 1.21.0. stable: Stable receives fixes for high‑severity bugs, but is not updated with new features. It is denoted by an even number in the second part of the version number, for example 1.22.0. The stable branch never receives new functionality during its lifecycle and typically receives just one or two updates, for critical bug fixes.

https://endoflife.date/nginx

nginx itself confirms this odd (pun not intended) versioning schema.

However, dependabot anyway creates a PR (e.g. https://github.com/PrivateBin/privatebin.info-pelican/pull/31). You manually ignore a minor version, but yet again this if needed for each odd release (okay, this time pun is intended) of nginx.

  • Can you somehow ignore all odd minor version numbers?
  • Can this maybe be built-in into dependabot, as nginx is such a popular software?

Question cross-posted on GitHub org discussions.

1

There are 1 answers

0
Danila Vershinin On

If you proceed to the link in that website, you'll find that:

For NGINX Open Source, the word “stable” refers to functionality and update frequency, not software quality.

Mainline isn't really a development branch in the actual sense, it's stable as well.

That said, you can automatically fetch specific branch of NGINX using lastversion utility and there's a GitHub action dedicated to it, e.g. in your GitHub workflow:

    steps:
      # ...
      - name: Download stable NGINX
        uses: dvershinin/lastversion-action@main
        with:
          repository: 'nginx'
          action: 'unzip'
          branch: 'stable'
      - name: Confirm NGINX source files are in the current directory
        run: ls -al
      # ...