chore: Let dependabot update GitHub actions #1640
Conversation
.github/dependabot.yml
Outdated
| @@ -0,0 +1,10 @@ | |||
| version: 2 | |||
| updates: | |||
| - package-ecosystem: "pip" | |||
There was a problem hiding this comment.
Which dependencies would this end up updating?
There was a problem hiding this comment.
As far as I can see only doc/requirements.txt:
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#pip-and-pip-compile
But the PRs will not be auto-merged, you still have to merge the suggestions yourself, but you don't have to update manually anymore 😅
There was a problem hiding this comment.
Yes, I'm not a heavy user of dependabot, but many projects I maintain still receive security-oriented upgrade suggestions.
However with the docs is tricky: we don't have automatic tests that verify that the documentation is rendered correctly. Merging the change would generate new docs, which might be broken. So I don't think I want to run the risk.
Can you please limit the updates to the github actions, and set it to a monthly update? I don't think a weekly update is requested.
.github/dependabot.yml
Outdated
| - package-ecosystem: "github-actions" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "weekly" |
There was a problem hiding this comment.
Please add a newline at the end of the file.
reneleonhardt
force-pushed
the
add-dependabot
branch
from
7483112
to
36ccab0
Compare
reneleonhardt
changed the title
Let bots do some of the tedious work 😄