Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup automatic dependabot PR merges #121

Open
rferreira opened this issue Dec 8, 2024 · 2 comments
Open

Setup automatic dependabot PR merges #121

rferreira opened this issue Dec 8, 2024 · 2 comments

Comments

@rferreira
Copy link
Collaborator

rferreira commented Dec 8, 2024
edited
Loading

Background:
Dependabot opens PR for dependencies with vulnerabilities. This is not as helpful as it look as these PRs need to be manually reviewed and merged.

Outcome:
When this ticket is done, for this repo, we will have configured dependabot to create, at most, 1 PR per week for all the dependencies and, if all checks pass for the PR, automatically merge it.
@rferreira
Copy link
Collaborator Author

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions

BernardoScantamburlo added a commit that referenced this issue Jan 5, 2025
@BernardoScantamburlo
Automatic Merge Dependabot Changes
7e830fa 
Updates dependabot to automatically merge pull requests if all tests pass, as well as only opening 1 pr per week #121
@BernardoScantamburlo BernardoScantamburlo mentioned this issue Jan 5, 2025
Merged
@BernardoScantamburlo
Copy link
Contributor

BernardoScantamburlo commented Jan 5, 2025
edited
Loading

Wait to verify that the updated code works before closing the ticket

Resolve already open Dependabot pr from 6/17/24

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rferreira @BernardoScantamburlo