Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependabot configuration file #227

Merged
merged 1 commit into from Apr 5, 2022
Merged

Add dependabot configuration file #227

merged 1 commit into from Apr 5, 2022

Conversation

jrfnl
Copy link
Contributor

@jrfnl jrfnl commented Apr 5, 2022

Description

This commit adds an initial Dependabot configuration to:

  • Submit pull requests for security updates and version updates for GH Action runner dependencies.

The configuration has been set up to:

  • Run weekly.
  • Submit a maximum of 5 pull requests at a time.
    If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
  • The commit messages for PRs submitted by Dependabot will be prefixed according the conventions I've seen used in this repo in previous commits.

Motivation and context

Automate updating the versions of action runners used in the continuous integration workflow.

How has this been tested?

Tested elsewhere in another repo. The only thing I haven't "tested" is Dependabot not touching uses: ./ statements, but I kind of hope/trust that it won't.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

PR checklist

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING.md document.
  • I have added tests to cover my changes.

@jrfnl
Add dependabot configuration file
6541c10 
This commit adds an initial Dependabot configuration to:
* Submit pull requests for security updates and version updates for GH Action runner dependencies.

The configuration has been set up to:
* Run weekly.
* Submit a maximum of 5 pull requests at a time.
    If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
* The commit messages for PRs submitted by Dependabot will be prefixed according the conventions I've seen used in this repo in previous commits.
@jrfnl jrfnl requested a review from ramsey as a code owner April 5, 2022 23:22
@jrfnl jrfnl mentioned this pull request Apr 5, 2022
Merged
7 tasks
@codecov
Copy link

codecov bot commented Apr 5, 2022

Codecov Report

Merging #227 (6541c10) into v2 (69e970d) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##               v2     #227   +/-   ##
=======================================
  Coverage   98.29%   98.29%           
=======================================
  Files           5        5           
  Lines         117      117           
=======================================
  Hits          115      115           
  Misses          2        2

@ramsey
Copy link
Owner

ramsey commented Apr 5, 2022

Thank you!

@ramsey ramsey merged commit 72896eb into ramsey:v2 Apr 5, 2022
@jrfnl jrfnl deleted the feature/add-dependabot-config-for-ghactions branch April 6, 2022 00:00
@jrfnl
Copy link
Contributor Author

jrfnl commented Apr 6, 2022

You're welcome ;-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ramsey ramsey ramsey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jrfnl @ramsey