Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: dependabot to automate GitHub actions updates #1118

Closed
realeinherjar opened this issue Sep 12, 2023 · 2 comments · Fixed by #1121
Closed

CI: dependabot to automate GitHub actions updates #1118

realeinherjar opened this issue Sep 12, 2023 · 2 comments · Fixed by #1121
Assignees
@realeinherjar
Labels
ci
Milestone
1.0.0-alpha.3

Comments

@realeinherjar
Copy link
Contributor

Currently there's a bunch of actions that are outdated, e.g.

bdk/.github/workflows/audit.yml

Line 16 in 2867e88

- uses: actions/checkout@v2

which is already on v4.

Adding a dependabot.yml to update these on a sane interval (weekly?) could help us.
It will automatically create PRs updating the CI GitHub actions.

dependabot was recently implemented in rust-bitcoin, see rust-bitcoin/rust-bitcoin#2052.
@realeinherjar realeinherjar added the new feature New feature or request label Sep 12, 2023
@realeinherjar
Copy link
Contributor Author

Assign it to me, I will add these today after work hours.

realeinherjar added a commit to realeinherjar/bdk that referenced this issue Sep 12, 2023
@realeinherjar
feat: add dependabot
6314221 
Fixes bitcoindevkit#1118.
Adds `dependabot.yml` to `.github/` to check for `"github-action"`
updates on a `"weekly"` basis.
This does not touch Rust code or Cargo workflows.

It will  create PRs and we would need to approve them
(they would be subject to the same merge policy)
to instantiate the proposed dependabots into `master`.
@realeinherjar realeinherjar mentioned this issue Sep 12, 2023
Merged
8 tasks
@apoelstra
Copy link

We did this in rust-bitcoin. I think it's been a net positive. It opens PRs to update versions of various things in the CI pipeline. Usually these are 1-line changes. No visible effects, but keeps us from getting too out of date.

realeinherjar added a commit to realeinherjar/bdk that referenced this issue Oct 2, 2023
@realeinherjar
feat: add dependabot
5aa8c7f 
Fixes bitcoindevkit#1118.
Adds `dependabot.yml` to `.github/` to check for `"github-action"`
updates on a `"weekly"` basis.
This does not touch Rust code or Cargo workflows.

It will  create PRs and we would need to approve them
(they would be subject to the same merge policy)
to instantiate the proposed dependabots into `master`.
@notmandatory notmandatory added this to BDK Nov 13, 2023
@notmandatory notmandatory moved this to Todo in BDK Nov 13, 2023
@notmandatory notmandatory added this to the 1.0.0-beta.0 milestone Nov 13, 2023
@notmandatory notmandatory added ci and removed new feature New feature or request labels Nov 13, 2023
@notmandatory notmandatory moved this from Todo to In Progress in BDK Nov 13, 2023
notmandatory added a commit to notmandatory/bdk that referenced this issue Nov 14, 2023
@notmandatory
Merge bitcoindevkit#1121: feat: add dependabot
b1d8719 
5aa8c7f feat: add dependabot (Einherjar)

Pull request description:

  Fixes bitcoindevkit#1118.
  Adds `dependabot.yml` to `.github/` to check for `"github-action"` updates on a `"weekly"` basis.
  This does not touch Rust code or Cargo workflows.

  It will  create PRs and we would need to approve them (they would be subject to the same merge policy)
  to instantiate the proposed dependabots into `master`.

  ### Changelog notice

  Added dependabot to automatically check GitHub Actions updates.

  ### Checklists

  #### All Submissions:

  * [X] I've signed all my commits
  * [X] I followed the [contribution guidelines](https://github.com/bitcoindevkit/bdk/blob/master/CONTRIBUTING.md)
  * [X] I ran `cargo fmt` and `cargo clippy` before committing

  #### New Features:

  * [ ] I've added tests for the new feature
  * [ ] I've added docs for the new feature

  #### Bugfixes:

  * [ ] This pull request breaks the existing API
  * [ ] I've added tests to reproduce the issue which are now passing
  * [X] I'm linking the issue being fixed by this PR

ACKs for top commit:
  notmandatory:
    ACK 5aa8c7f

Tree-SHA512: aca47d955849c24981a9c485775ce7e389a5b5b274fcd114f6e4583c2bf04f94fcd34e183064cd1da66db3560134b60feb0564ea42cbf97cb78d2c5e1aac0a1b
@github-project-automation github-project-automation bot moved this from In Progress to Done in BDK Nov 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@realeinherjar realeinherjar

Labels
ci
Projects
BDK
Archived in project
Milestone
1.0.0-alpha.3
Development

Successfully merging a pull request may close this issue.

feat: add dependabot realeinherjar/bdk
3 participants
@apoelstra @notmandatory @realeinherjar