Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependabot.yml #1174

Merged
merged 1 commit into from
Mar 11, 2024
Merged

Add dependabot.yml #1174

merged 1 commit into from
Mar 11, 2024

Conversation

arbourd
Copy link
Member

@arbourd arbourd commented Mar 5, 2024
edited
Loading

We already use dependabot for security related patches, by default.

This change adds a dependabot.yml configuration file that explicitly enables the service to manage versions of Actions in GitHub Actions. This ensures that Actions like setup-go are updated timely.

This change does not affect how Dependabot manages versions for Go, Rust, etc. The file can be used to configure that for additional package managers and languages in the future, if desired.

@arbourd
Add dependabot.yml
346afc8 
We already use dependabot for security related patches, by default.

This change adds a dependabot.yml configuration file that explicitly
enables the service to manage versions of Actions in GitHub Actions.
This ensures that Actions like `setup-go` are updated timely.

This change does not affect how Dependabot manages versions for Go,
Rust, etc. The file can be used to configure that for additional
package managers and languages in the future, if desired.
@ac000
Copy link
Member

ac000 commented Mar 5, 2024
edited
Loading

EDIT: Use the right url...

So how does this actually look like?

This?

As long as it won't be doing something funky like automatically committing changes to the repository...

@arbourd
Copy link
Member Author

arbourd commented Mar 5, 2024

It wouldn't update the repository directly @ac000, but it will open a PR. It would look something like this: arbourd/concourse-slack-alert-resource#115

ac000
ac000 approved these changes Mar 11, 2024
View reviewed changes
Copy link
Member

@ac000 ac000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, let's see how this goes...

@arbourd arbourd merged commit 2e61525 into nginx:master Mar 11, 2024
17 checks passed
@arbourd arbourd deleted the dependabot branch March 11, 2024 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ac000 ac000 ac000 approved these changes

@callahad callahad Awaiting requested review from callahad

@andrey-zelenkov andrey-zelenkov Awaiting requested review from andrey-zelenkov

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arbourd @ac000