Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable Dependabot for GitHub actions and Terraform #318

Merged
merged 2 commits into from Feb 5, 2021
Merged

Enable Dependabot for GitHub actions and Terraform #318

merged 2 commits into from Feb 5, 2021

Conversation

jakemulley
Copy link
Contributor

@jakemulley jakemulley commented Feb 5, 2021
edited

This PR enables Dependabot to complete version checking for Terraform and GitHub actions.

This is different to vulnerability scanning via dependabot, in that this configuration will automatically create PRs for new versions of things even if there aren't any security vulnerabilities reported in the old version.

The configuration can be validated through Dependabot through and there is an open issue as to why each directory needs its own declaration at dependabot/dependabot-core#2178.

Also note that Dependabot doesn't currently support HCL2, so the Terraform configuration won't be functional until they do; but it's on the roadmap for Q1 2021.

@jakemulley jakemulley added documentation Improvements or additions to documentation dependencies Pull requests that update a dependency file labels Feb 5, 2021
@jakemulley jakemulley added this to the Centralise milestone Feb 5, 2021
@jakemulley jakemulley requested a review from a team as a code owner February 5, 2021 14:22
@jakemulley jakemulley self-assigned this Feb 5, 2021
@jakemulley jakemulley added this to In progress in Modernisation Platform via automation Feb 5, 2021
@github-actions github-actions bot removed dependencies Pull requests that update a dependency file documentation Improvements or additions to documentation labels Feb 5, 2021
@jakemulley jakemulley merged commit 30664e7 into main Feb 5, 2021
Modernisation Platform automation moved this from In progress to Done Feb 5, 2021
@jakemulley jakemulley deleted the dependabot branch February 5, 2021 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zuriguardiola zuriguardiola zuriguardiola approved these changes

Assignees

@jakemulley jakemulley

Labels
None yet
Projects
No open projects
Modernisation Platform
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jakemulley @zuriguardiola