-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Dependabot for Github actions #11914
Conversation
Dependabot will submit pull requests when packages get new versions released. After merging this, Dependabot should open pull requests that resolve the warnings for the workflows in the actions tab, as seen here for example: https://github.com/CesiumGS/cesium/actions/runs/8487635213 Link to Dependabot documentation: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
Thank you for the pull request, @pjonsson! Welcome to the Cesium community! In order for us to review your PR, please complete the following steps:
Review Pull Request Guidelines to make sure your PR gets accepted quickly. |
I have signed the CLA and added myself to contributors (but I feel adding myself to contributors for a trivial thing diminishes the value of those who do the real work), not sure why github-actions bot is not updating the status. |
Thanks @pjonsson! This update is scope just for dependabot to update action versions, not other dependencies, correct? |
Yes, merging this PR will make Dependabot submit pull requests for outdated Github actions in |
Got it, thanks @pjonsson! We'll give this workflow a try. |
@ggetz it looks like the PRs opened by dependabot were merged. Do you want me to look into getting dependabot configured for submitting PRs for updating nodejs dependencies for this repository? |
Not yet; though we may do so soon. |
Description
Dependabot will submit pull requests
when packages get new versions released.
After merging this, Dependabot should
open pull requests that resolve the warnings
for the workflows in the actions tab,
as seen here for example:
https://github.com/CesiumGS/cesium/actions/runs/8487635213
Link to Dependabot documentation:
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
Issue number and link
Testing plan
Does not do anything to the repository/production code, only difference is that Dependabot will open pull requests for updating Github action versions after this is merged.
Author checklist
CONTRIBUTORS.md
CHANGES.md
with a short summary of my change