Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce Dependabot #1317

Closed
wants to merge 1 commit into from
Closed

Introduce Dependabot #1317

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
version: 2

updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: monthly
- package-ecosystem: pip
directory: /
schedule:
interval: monthly
Comment on lines +8 to +11
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mrT23 I see your point. How about enabling this only for GitHub Actions? That would be helpful to catch up with updates of GitHub Actions.

Suggested change
- package-ecosystem: pip
directory: /
schedule:
interval: monthly
- package-ecosystem: pip
directory: /
schedule:
interval: monthly

Copy link
Collaborator

@mrT23 mrT23 Nov 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean " GitHub Actions" ? the GitHub Actions docker ?
It needs to be consistent with the other ones.

If keeping with the latest security patches is a must for you, thank I think a docker from a fork is a better option.

On Qodo Merge Pro we do that, but that's not something I intend to do from an open source.

But thanks for the PR, I do appreciate the initiative

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mrT23 Dependabot automatically create a pull request to upgrade GitHub Actions.For instance, the subsequent pull request automatically created by Dependabot is about upgrading actions/setup-go from 4.1.0 to 5.0.0. Dependabot would be very useful even to catch up with updates of GitHub Actions.

ubie-oss/terraform-provider-lightdash#64

As I describe in the description of the pull request, some Actions in this repository looks outdated. actionlint enables us to find outdated GitHub Actions.If we execute an actionlint command in the repository, I got the warnings.

$ actionlint

.github/workflows/build-and-test.yaml:17:15: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
   |
17 |         uses: actions/checkout@v2
   |               ^~~~~~~~~~~~~~~~~~~
.github/workflows/build-and-test.yaml:25:15: the runner of "docker/build-push-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
   |
25 |         uses: docker/build-push-action@v2
   |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~
.github/workflows/code_coverage.yaml:18:15: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
   |
18 |         uses: actions/checkout@v2
   |               ^~~~~~~~~~~~~~~~~~~
.github/workflows/code_coverage.yaml:26:15: the runner of "docker/build-push-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
   |
26 |         uses: docker/build-push-action@v2
   |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~
.github/workflows/docs-ci.yaml:23:9: shellcheck reported issue in this script: SC2086:info:1:40: Double quote to prevent globbing and word splitting [shellcheck]
   |
23 |       - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
   |         ^~~~
.github/workflows/e2e_tests.yaml:14:15: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
   |
14 |         uses: actions/checkout@v2
   |               ^~~~~~~~~~~~~~~~~~~
.github/workflows/e2e_tests.yaml:21:15: the runner of "docker/build-push-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
   |
21 |         uses: docker/build-push-action@v2
   |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~
.github/workflows/pre-commit.yml:1:1: workflow is empty [syntax-check]
  |
1 | # disabled. We might run it manually if needed.
  | ^

Loading