Skip to content

Commit

Permalink
chore(deps): add dependabot bundler (#647)
Browse files Browse the repository at this point in the history
* chore(deps): add dependabot bundler

The bundler PRs are getting out of control. Let's try and rein them in.

* updating the action to use signing

* remove pgp signing and add label
  • Loading branch information
Skarlso authored Mar 4, 2023
1 parent 9b9559f commit 9a37560
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 0 deletions.
40 changes: 40 additions & 0 deletions .github/workflows/dependabot_bundler.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: bundlebot

on:
workflow_dispatch: {}
schedule:
- cron: 0 0 * * 1 # every Monday at 00:00

jobs:
bundler:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: write
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version-file: '${{ github.workspace }}/go.mod'
- name: Cache go-build and mod
uses: actions/cache@v2
with:
path: |
~/.cache/go-build/
~/go/pkg/mod/
key: go-${{ hashFiles('go.sum') }}
restore-keys: |
go-
- name: Install Dependabot Bundler
run: |
go install github.com/Skarlso/[email protected]
- name: Run Dependabot Bundler
run: |
dependabot-bundler \
--token ${{ secrets.GITHUB_TOKEN }} \
--owner weaveworks-liquidmetal \
--repo flintlock \
--labels 'area/dependency,kind/cleanup,user-signing-required' \
--pr-title 'chore(deps): Bundle dependabot pull requests'
8 changes: 8 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ and run: mdtoc -inplace CONTRIBUTING.md
- [How the Maintainers process contributions](#how-the-maintainers-process-contributions)
- [Prioritizing issues](#prioritizing-issues)
- [Reviewing PRs](#reviewing-prs)
- [Dependabot Bundler](#dependabot-bundler)
- [ADRs (Architectural Decision Records)](#adrs-architectural-decision-records)
- [Process](#process)
- [:rocket: :tada: Thanks for reading! :tada: :rocket:](#rocket-tada-thanks-for-reading-tada-rocket)
Expand Down Expand Up @@ -542,6 +543,13 @@ while lower priority or nice-to-have things may take a little longer to get appr
To help facilitate a smoother and faster review, follow the guidelines [above](#pr-submission-guidelines).
Submissions which do not meet standards will be de-prioritised for review.

## Dependabot Bundler

There is an action that will periodically bundle dependabot pull requests into a single
pull request. This PR is not signed and has the label `user-signing-required`. This must be
done by a maintainer of the repository. Check out the PR and push an amending commit into
the existing branch. Then, the PR can be merged.

# ADRs (Architectural Decision Records)

Any impactful decisions to the architecture, design, development and behaviour
Expand Down

0 comments on commit 9a37560

Please sign in to comment.