-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update documentation for GitHub Actions #1461
Comments
@imbsky thanks for raising this, we've currently disabled actions support due to a bug that prevented Apps from modifying the workflow file, but might be able to re-enable now that it's fixed. |
Oh, I see! |
@feelepxyz When re-enable actions support, could you please update documentation and close this issue? |
@imbsky it's still a work in progress so not won't create any PRs yet. Hopefully we'll get this wrapped up in the next month or so. |
Great! |
Is this still disabled? |
@imbsky yeah sadly! There's new app permission that needs to be added which hasn't been prioritised yet. Waiting for an update on it. |
Okay, I'll wait. |
Any updates? |
@imbsky I'm chasing internally. Still need the new app permission to be deployed. |
@feelepxyz I'm both an Actions user and an outside contributor who has made some improvements, if Actions is supported by Dependabot, I don't have to manually create a lot of PR, so could you to enable it as soon as possible? I don't want to bother you, but please. |
We're waiting on an internal change to actions allowing any app to edit workflow files. It's not specific to Dependabot. |
Oh, I see. That sounds to take some time. |
The correct URL is https://github.blog/changelog/2020-04-07-github-apps-workflow-permission/ 🎉 |
It seems like something is still wrong. I have github_actions enabled, but it is not creating pull requests yet. I see in dependabot logs that it finds newer versions for actions though. |
This is not yet enabled. So nothing is wrong, but I hope it will be enabled asap. |
We've just launched a beta of Dependabot natively integrated into GitHub that supports updating Actiosn workflow files: https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/ Config file docs: https://help.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates FYI - the new version currently doesn't support private git dependencies. We're working on adding this over the next few months. |
It works! Great 🎉 peaceiris/actions-gh-pages#334 I will leave my feedback. (I do not know whether here is the right place for feedback or not.) Please detect pre-release and do not bump itThe actions/[email protected] is a beta version (pre-release). We need a useful filter for not bumping it.
|
@feelepxyz I don't see |
@peaceiris nice one, will take a look at the open pull request limit not being honoured.
Yep, it's on our list of improvements. Will see what metadata we can get from tags. @staticdev ah yes this page hasn't been fully rolled out yet. You can enable it from the |
@feelepxyz I've enabled Security Updates in 3 public repos of mine, then I entered dependabot.com and selected |
@staticdev thanks for reporting, looks like we've tried to generate an invalid config file. Will take a look at fixing this tomorrow 👌 |
@feelepxyz if you want the repos to check:
I also saw in the post that the file location (.github/dependabot.yml) is different from the path I've been using with dependabot-preview (.dependabot/config.yml). |
Thanks for reporting this @staticdev, we've fixed some issues and I think you should be able to upgrade now, could you try again? |
@jurre Good news! Dependabot could now create the pull requests, and changed the name/path of dependabot config file. One strange thing I noticed is that, all of the repositories I tested gave me this warning: The new version does not yet support private git dependencies. If you use these we recommend leaving Dependabot Preview active." I am curious to know what unsupported features since I am not using private repositories... |
You should be all good in that case 👍 we can't detect if the git dependencies you're using are private or not, so if you're using any git dependencies we show that warning. I'll think about the wording if we can make that more clear |
@feelepxyz I have 3 other questions regarding this new config, maybe you could help me out:
Thanks again. |
Yup, the default is 5
This should be set from your account settings in your dependabot dashboard. You can omit it and the default 5am UTC will be used.
Yup, this is broken with the updated and we're tracking this here: https://github.com/dependabot/feedback/issues/968 |
Thanks again!! |
Closing this as the original issue (lack of |
This page seems to be missing information about
github_actions
.https://dependabot.com/docs/config-file
The text was updated successfully, but these errors were encountered: