Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Dependabot for Github actions #11914

Merged
merged 3 commits into from
Apr 22, 2024
Merged

Add Dependabot for Github actions #11914

merged 3 commits into from
Apr 22, 2024

Conversation

pjonsson
Copy link
Contributor

@pjonsson pjonsson commented Apr 1, 2024
edited

Description

Dependabot will submit pull requests
when packages get new versions released.
After merging this, Dependabot should
open pull requests that resolve the warnings
for the workflows in the actions tab,
as seen here for example:

https://github.com/CesiumGS/cesium/actions/runs/8487635213
image

Link to Dependabot documentation:

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

Issue number and link

Testing plan

Does not do anything to the repository/production code, only difference is that Dependabot will open pull requests for updating Github action versions after this is merged.

Author checklist

  • I have submitted a Contributor License Agreement
  • I have added my name to CONTRIBUTORS.md
  • I have updated CHANGES.md with a short summary of my change
  • I have added or updated unit tests to ensure consistent code coverage
  • I have update the inline documentation, and included code examples where relevant
  • I have performed a self-review of my code

@pjonsson
Add Dependabot for Github actions
b55b108 
Dependabot will submit pull requests
when packages get new versions released.
After merging this, Dependabot should
open pull requests that resolve the warnings
for the workflows in the actions tab,
as seen here for example:

https://github.com/CesiumGS/cesium/actions/runs/8487635213

Link to Dependabot documentation:

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 1, 2024

Thank you for the pull request, @pjonsson! Welcome to the Cesium community!

In order for us to review your PR, please complete the following steps:

Review Pull Request Guidelines to make sure your PR gets accepted quickly.

@pjonsson
Copy link
Contributor Author

pjonsson commented Apr 1, 2024

I have signed the CLA and added myself to contributors (but I feel adding myself to contributors for a trivial thing diminishes the value of those who do the real work), not sure why github-actions bot is not updating the status.

@ggetz
Copy link
Contributor

ggetz commented Apr 1, 2024

Thanks @pjonsson!

This update is scope just for dependabot to update action versions, not other dependencies, correct?

@pjonsson
Copy link
Contributor Author

pjonsson commented Apr 1, 2024

Yes, merging this PR will make Dependabot submit pull requests for outdated Github actions in .github/workflows. If you want Dependabot to submit pull requests for other eco-systems, that requires additional lines in the same file.

@ggetz
Copy link
Contributor

ggetz commented Apr 22, 2024

Got it, thanks @pjonsson! We'll give this workflow a try.

@ggetz ggetz merged commit e499017 into CesiumGS:main Apr 22, 2024
4 checks passed
@pjonsson pjonsson deleted the add-dependabot branch April 22, 2024 16:34
@pjonsson
Copy link
Contributor Author

@ggetz it looks like the PRs opened by dependabot were merged. Do you want me to look into getting dependabot configured for submitting PRs for updating nodejs dependencies for this repository?

@ggetz
Copy link
Contributor

ggetz commented Apr 22, 2024

Not yet; though we may do so soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pjonsson @ggetz