From efee8642b45bb3faf76cf5cdbe169683a840e9f2 Mon Sep 17 00:00:00 2001
From: Chris Ashton <ChrisBAshton@users.noreply.github.com>
Date: Tue, 21 May 2024 14:56:02 +0100
Subject: [PATCH] Don't auto-merge rails

Rails [requires manual care when upgrading](https://docs.publishing.service.gov.uk/manual/keeping-software-current.html#rails), so should not be auto-merged.

By coincidence, govuk-dependabot-merger is not auto-merging rails upgrades (because it involves a change to both Gemfile and Gemfile.lock, and the merger service only allows a change to Gemfile.lock) but it is skipping rails by coincidence rather than by design. We should play it safe and explicitly exclude Rails from the allowlist.

See [Slack thread](https://gds.slack.com/archives/CAB4Q3QBW/p1715942643914479).
---
 .govuk_dependabot_merger.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.govuk_dependabot_merger.yml b/.govuk_dependabot_merger.yml
index 9bd9aaa47..869016912 100644
--- a/.govuk_dependabot_merger.yml
+++ b/.govuk_dependabot_merger.yml
@@ -5,3 +5,6 @@ defaults:
     - minor
   auto_merge: true
   update_external_dependencies: true
+overrides:
+  - dependency: rails # should be upgraded manually, see https://docs.publishing.service.gov.uk/manual/keeping-software-current.html#rails
+    auto_merge: false