From 4584a1995732efc22d87da95602912a1d2fa634c Mon Sep 17 00:00:00 2001
From: Michael Vittrup Larsen <mivl@tv2.dk>
Date: Mon, 24 Apr 2023 08:47:05 +0200
Subject: [PATCH] Add dependabot ignores on client-go and api deps to keep some
 alignment with current Kubernetes versions

---
 .github/dependabot.yml | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b444581e..d34579f5 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +1,18 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
-  - package-ecosystem: "gomod" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      # The version of client-go and api should approximately match target Kubernetes version, i.e. only update semver-patch version
+      # Minor version updates then becomes a manual procedure. Security updates are not ignored by this
+      - dependency-name: "k8s-io/client-go"
+        versions: ["version-update:semver-minor"]
+      - dependency-name: "k8s-io/api"
+        versions: ["version-update:semver-minor"]
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"