Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add dependabot for GH action update #2300

Merged
merged 1 commit into from
Jan 9, 2025
Merged

feat: add dependabot for GH action update #2300

merged 1 commit into from
Jan 9, 2025

Conversation

Rotzbua
Copy link
Contributor

@Rotzbua Rotzbua commented Oct 15, 2024

Advantage

Dependabot can automatically look for updated GH actions and rise a PR.

Since dependabot can be very annoying and spam a lot of PRs the GH actions related PRs are grouped into one single PR. Also the update frequency is limited to monthly.

Reference

#2299

kurtmckee
kurtmckee approved these changes Jan 6, 2025
View reviewed changes
Copy link
Contributor

@kurtmckee kurtmckee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@timothycrosley @staticdev Please review and merge this PR.

Fixes #2299

DanielNoord
DanielNoord reviewed Jan 9, 2025
View reviewed changes
.github/dependabot.yml
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
- package-ecosystem: "github-actions"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also add pip here so we get updates for stuff defined in poetry?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be worthwhile, though almost all dependencies in pyproject.toml are dev dependencies.

Would it be an option to merge this as-is and then add pip later if still desired?

@DanielNoord DanielNoord merged commit 88b6dc3 into PyCQA:main Jan 9, 2025
1 check passed
@Rotzbua Rotzbua deleted the feat_depandabot branch January 10, 2025 17:21
@matthewhughes934 matthewhughes934 mentioned this pull request Jan 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kurtmckee kurtmckee kurtmckee approved these changes

@DanielNoord DanielNoord DanielNoord approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Rotzbua @kurtmckee @DanielNoord