From 14679da37fcd718f9b65bc6357dc9f0262602897 Mon Sep 17 00:00:00 2001 From: Kyle Willmon Date: Fri, 29 Apr 2022 15:45:34 -0500 Subject: [PATCH 1/2] Automatically run `cargo update` in a workflow This runs a basic `cargo update` in a Github Action and creates a PR with any changes. Combined with limiting Dependabot to major version updates, this should resolve concerns about too many PRs and being too strict in our Cargo.toml files. Ref: Discussion on #325 --- .github/dependabot.yml | 3 +++ .github/workflows/cargo-update.yml | 27 +++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 .github/workflows/cargo-update.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c2a62923b..e60199fed 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,6 +4,9 @@ updates: directory: "/" schedule: interval: weekly + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-minor", "version-update:semver-patch"] - package-ecosystem: "github-actions" directory: "/" schedule: diff --git a/.github/workflows/cargo-update.yml b/.github/workflows/cargo-update.yml new file mode 100644 index 000000000..1081c2f2a --- /dev/null +++ b/.github/workflows/cargo-update.yml @@ -0,0 +1,27 @@ +--- +name: Test + +on: + workflow_dispatch: + # Run every Monday + schedule: + - cron: '30 5 * * 1' + +jobs: + cargo-update: + runs-on: ubuntu-latest + steps: + - name: Checkout the repo + uses: actions/checkout@v3 + + - name: Cargo update + run: cargo update + + - name: Create Pull Request + uses: peter-evans/create-pull-request@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "chore: Bump dependencies" + body: | + Bump dependencies in Cargo.lock for all SemVer-compatible updates. + branch: auto-cargo-update From a5a1e9e997905641e05eb03fc8a0af8dbc7404c5 Mon Sep 17 00:00:00 2001 From: Kyle Willmon Date: Mon, 2 May 2022 14:56:35 -0500 Subject: [PATCH 2/2] Use better names --- .github/workflows/cargo-update.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cargo-update.yml b/.github/workflows/cargo-update.yml index 1081c2f2a..671e40d8e 100644 --- a/.github/workflows/cargo-update.yml +++ b/.github/workflows/cargo-update.yml @@ -1,5 +1,5 @@ --- -name: Test +name: Update Deps on: workflow_dispatch: @@ -21,7 +21,7 @@ jobs: uses: peter-evans/create-pull-request@v4 with: token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "chore: Bump dependencies" + commit-message: "build: Bump dependencies" body: | Bump dependencies in Cargo.lock for all SemVer-compatible updates. branch: auto-cargo-update