Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep GitHub Actions up to date with Dependabot #1226

Merged
merged 2 commits into from Jan 18, 2024
Merged

Keep GitHub Actions up to date with Dependabot #1226

merged 2 commits into from Jan 18, 2024

Conversation

cclauss
Copy link
Contributor

@cclauss cclauss commented Jan 17, 2024

carltongibson
carltongibson reviewed Jan 17, 2024
View reviewed changes
Copy link
Contributor

@carltongibson carltongibson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if a weekly update isn't enough?

I also saw something about grouping updates... 🤔 Do you know about that? (Sometimes I feel dependabot can be a bit noisy...)

@cclauss
Copy link
Contributor Author

cclauss commented Jan 17, 2024
edited

Switched to weekly.

This repo only has just two Actions so I doubt that the volume of updates will be overwhelming.

django-compressor/.github/workflows/ci.yml

Lines 57 to 58 in 7face0f

- uses: actions/checkout@v3
- uses: actions/setup-python@v4

carltongibson
carltongibson approved these changes Jan 18, 2024
View reviewed changes
Copy link
Contributor

@carltongibson carltongibson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this looks good to me. Thanks.

(It was the pip packages that could do with grouping I think. Separate PR)

Thanks.

cclauss added a commit to cclauss/django-compressor that referenced this pull request Jan 18, 2024
@cclauss
Schedule dependabot updates from PyPI to be weekly, not daily
95273e9 
Batch up these updates to make them less chatty and more manageable as discussed at django-compressor#1226 (review)

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#scheduleinterval
@cclauss cclauss mentioned this pull request Jan 18, 2024
Merged
@carltongibson carltongibson merged commit e9b9048 into django-compressor:develop Jan 18, 2024
18 checks passed
@cclauss cclauss deleted the patch-1 branch January 18, 2024 08:12
diox pushed a commit that referenced this pull request Jan 18, 2024
@cclauss
Schedule dependabot PyPI updates to be weekly, not daily (#1227)
bf03e25 
* Schedule dependabot updates from PyPI to be weekly, not daily

Batch up these updates to make them less chatty and more manageable as discussed at #1226 (review)

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#scheduleinterval

* Group all PyPI updates into a single larger pull request
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carltongibson carltongibson carltongibson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cclauss @carltongibson