New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keep GitHub Actions up to date with Dependabot #1226
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if a weekly update isn't enough?
I also saw something about grouping updates... 🤔 Do you know about that? (Sometimes I feel dependabot can be a bit noisy...)
Switched to This repo only has just two Actions so I doubt that the volume of updates will be overwhelming. django-compressor/.github/workflows/ci.yml Lines 57 to 58 in 7face0f
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this looks good to me. Thanks.
(It was the pip packages that could do with grouping I think. Separate PR)
Thanks.
Batch up these updates to make them less chatty and more manageable as discussed at django-compressor#1226 (review) https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#scheduleinterval
* Schedule dependabot updates from PyPI to be weekly, not daily Batch up these updates to make them less chatty and more manageable as discussed at #1226 (review) https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#scheduleinterval * Group all PyPI updates into a single larger pull request
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot