Introduce Dependabot #1317
Introduce Dependabot #1317
Conversation
Signed-off-by: Yu Ishikawa <[email protected]>
|
Hi @yu-iskw and thanks for the PR. When you upgrade packages, things can break. Especially when you try to work with new and state-of-the-art models and algorithms. Hence, I prefer to upgrade packages on a need basis, and not on every new release. Its too much work to verify after each release that everything works as expected. |
| - package-ecosystem: pip | ||
| directory: / | ||
| schedule: | ||
| interval: monthly |
There was a problem hiding this comment.
@mrT23 I see your point. How about enabling this only for GitHub Actions? That would be helpful to catch up with updates of GitHub Actions.
| - package-ecosystem: pip | |
| directory: / | |
| schedule: | |
| interval: monthly | |
| - package-ecosystem: pip | |
| directory: / | |
| schedule: | |
| interval: monthly |
There was a problem hiding this comment.
What do you mean " GitHub Actions" ? the GitHub Actions docker ?
It needs to be consistent with the other ones.
If keeping with the latest security patches is a must for you, thank I think a docker from a fork is a better option.
On Qodo Merge Pro we do that, but that's not something I intend to do from an open source.
But thanks for the PR, I do appreciate the initiative
There was a problem hiding this comment.
@mrT23 Dependabot automatically create a pull request to upgrade GitHub Actions.For instance, the subsequent pull request automatically created by Dependabot is about upgrading actions/setup-go from 4.1.0 to 5.0.0. Dependabot would be very useful even to catch up with updates of GitHub Actions.
ubie-oss/terraform-provider-lightdash#64
As I describe in the description of the pull request, some Actions in this repository looks outdated. actionlint enables us to find outdated GitHub Actions.If we execute an actionlint command in the repository, I got the warnings.
$ actionlint
.github/workflows/build-and-test.yaml:17:15: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
|
17 | uses: actions/checkout@v2
| ^~~~~~~~~~~~~~~~~~~
.github/workflows/build-and-test.yaml:25:15: the runner of "docker/build-push-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
|
25 | uses: docker/build-push-action@v2
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
.github/workflows/code_coverage.yaml:18:15: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
|
18 | uses: actions/checkout@v2
| ^~~~~~~~~~~~~~~~~~~
.github/workflows/code_coverage.yaml:26:15: the runner of "docker/build-push-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
|
26 | uses: docker/build-push-action@v2
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
.github/workflows/docs-ci.yaml:23:9: shellcheck reported issue in this script: SC2086:info:1:40: Double quote to prevent globbing and word splitting [shellcheck]
|
23 | - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
| ^~~~
.github/workflows/e2e_tests.yaml:14:15: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
|
14 | uses: actions/checkout@v2
| ^~~~~~~~~~~~~~~~~~~
.github/workflows/e2e_tests.yaml:21:15: the runner of "docker/build-push-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
|
21 | uses: docker/build-push-action@v2
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
.github/workflows/pre-commit.yml:1:1: workflow is empty [syntax-check]
|
1 | # disabled. We might run it manually if needed.
| ^
Motivation
Dependabot automatically sends pull requests to upgrade dependencies like GitHub Actions and python modules. That would be useful to easily catch up with updates on dependencies.
For instance, the used
actions/checkoutis outdated. Dependabot will send pull requests to upgrade ones.pr-agent/.github/workflows/e2e_tests.yaml
Line 14 in 7186bf4
Reference