Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI] Enable Dependabot for GitHub Actions #36056

Closed
kou opened this issue Jun 14, 2023 · 3 comments · Fixed by #36194
Closed

[CI] Enable Dependabot for GitHub Actions #36056

kou opened this issue Jun 14, 2023 · 3 comments · Fixed by #36194
Assignees
@kou
Labels
Component: Continuous Integration Type: enhancement
Milestone
13.0.0

Comments

@kou
Copy link
Member

kou commented Jun 14, 2023

Describe the enhancement requested

We can update GitHub Actions (semi) automatically by enabling Dependabot.

For example, we can enable Dependabot for GitHub Actions by adding .github/dependabot.yml:

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..76f39ea3d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

See also: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

Component(s)

Continuous Integration
@kou
Copy link
Member Author

kou commented Jun 14, 2023
edited
Loading

We may want to configure the commit message by Dependabot to adjust our style. For example, we may want to use MINOR: [CI] prefix.
See also: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#commit-message

@westonpace
Copy link
Member

So this is just for upgrading our github actions? +1 to this idea.

@kou
Copy link
Member Author

kou commented Jun 21, 2023

Yes!

kou added a commit to kou/arrow that referenced this issue Jun 21, 2023
@kou
apacheGH-36056: [CI] Enable Dependabot for GitHub Actions
7a82865
@github-actions github-actions bot mentioned this issue Jun 21, 2023
Merged
raulcd pushed a commit that referenced this issue Jun 21, 2023
@kou
GH-36056: [CI] Enable Dependabot for GitHub Actions (#36194)
e6221c4 
### Rationale for this change

We can update GitHub Actions (semi) automatically by enabling Dependabot.

### What changes are included in this PR?

Add Dependabot configuration only for GitHub Actions.

### Are these changes tested?

No. Sorry. I want to test this by merging this to apache/arrow.

### Are there any user-facing changes?

No.
* Closes: #36056

Authored-by: Sutou Kouhei <kou@clear-code.com>
Signed-off-by: Raúl Cumplido <raulcumplido@gmail.com>
@raulcd raulcd added this to the 13.0.0 milestone Jun 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kou kou

Labels
Component: Continuous Integration Type: enhancement
Projects
None yet
Milestone
13.0.0
Development

Successfully merging a pull request may close this issue.

GH-36056: [CI] Enable Dependabot for GitHub Actions kou/arrow
3 participants
@kou @raulcd @westonpace