Add Dependabot configuration for GitHub Actions updates #1046

Merged
merged 1 commit into from Nov 3, 2022

@EwoutH EwoutH commented Nov 1, 2022

Add a Dependabot configuration that checks once a week if the GitHub Actions are still using the latest version. If not, it opens a PR to update them.

It will actually open very few PRs, since we only have major versions specified (like v3), so only on a major v4 release it will update and open a PR.

See Keeping your actions up to date with Dependabot.

See https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
@choldgraf choldgraf left a comment

Seems reasonable to me!

@drammock drammock merged commit 768f5fb into pydata:main Nov 3, 2022
drammock commented Nov 3, 2022

> It will actually open very few PRs, since we only have major versions specified (like v3), so only on a major v4 release it will update and open a PR.

seems this was incorrect @EwoutH --- see #1047 😅

EwoutH commented Nov 3, 2022

Still only one PR, which is not bad and put out an interesting flaw of the current CI setup!

Specifically for that action, I would suggest using their stable release branch, like they recommend:

```yaml
uses: pypa/gh-action-pypi-publish@release/v1
```
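
An added example, not part of this PR or the project's code: a small audit that lists every `uses:` reference in a workflow and labels how it is pinned, which is one way to check the "only major versions specified" assumption from the PR description. The workflow text and the `example-org` actions are constructed for illustration; only `pypa/gh-action-pypi-publish@release/v1` comes from the thread.

```python
import re

# Matches "uses: owner/repo[/path]@ref" in a workflow step (optionally quoted).
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""", re.MULTILINE)


def classify_ref(ref):
    """Return how an action reference is pinned."""
    if re.fullmatch(r"[0-9a-f]{40}", ref):
        return "commit-sha"
    if re.fullmatch(r"v?\d+", ref):
        return "major-tag"
    if re.fullmatch(r"v?\d+(\.\d+){1,2}", ref):
        return "version-tag"
    return "branch-or-other"


def audit_workflow(text):
    """Return (action, ref, kind) for every remote action used in the workflow text."""
    results = []
    for target in USES_RE.findall(text):
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images carry no @ref
        action, sep, ref = target.partition("@")
        kind = classify_ref(ref) if sep else "unpinned"
        results.append((action, ref, kind))
    return results


# Constructed sample workflow; the example-org actions are hypothetical.
SAMPLE_WORKFLOW = """\
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-action@v3
      - uses: ./.github/actions/local-step
      - name: Build
        uses: "example-org/build-action@v1.2.3"
      - uses: example-org/scan-action@0123456789abcdef0123456789abcdef01234567  # v2
      - name: Publish
        uses: pypa/gh-action-pypi-publish@release/v1
"""

if __name__ == "__main__":
    for action, ref, kind in audit_workflow(SAMPLE_WORKFLOW):
        flag = "" if kind == "major-tag" else "  <- not a major-only pin"
        print(f"{action:40} {ref:42} {kind}{flag}")
```

To audit a real repository, pass the contents of each file under `.github/workflows/` to `audit_workflow` instead of the constructed sample.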
