ci: Add dependabot #536

Merged
merged 5 commits into from Jul 9, 2023

@SKY-ALIN (Contributor) commented Jun 25, 2023

Dependabot will make PRs to update dependencies weekly; it helps keep dependencies up to date. You don't need to add anything to the repository's settings or this PR; it'll start to work after the merge.

GitHub page about it

An article about it on Medium

@SKY-ALIN SKY-ALIN changed the title Add dependabot feat: Add dependabot Jun 25, 2023

@coveralls commented Jun 26, 2023

coverage: 85.218%. remained the same when pulling 331ba7e on SKY-ALIN:master into 29cf0f5 on rust-bio:master.

@SKY-ALIN SKY-ALIN changed the title feat: Add dependabot ci: Add dependabot Jun 26, 2023

@dlaehnemann (Member) left a comment

Thanks for suggesting this. Looks pretty straightforward to me!

@dlaehnemann (Member) left a comment

Ah, one second. I'd probably move this alongside the other CI workflows into the .github/workflows/ directory. Other than that, this is good to go.

@SKY-ALIN (Contributor, Author)

I suppose it's not possible because it must be stored exactly in the .github folder:

You must store this file in the .github directory of your repository. When you add or update the dependabot.yml file, this triggers an immediate check for version updates.

Source: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#about-the-dependabotyml-file

@dlaehnemann (Member)

Are you sure that subdirectories won't work? Should we try?

@SKY-ALIN (Contributor, Author)

I'm not sure, let's try

@dcroote (Contributor) left a comment

Looks like everyone puts it in .github and not the workflows subdirectory.

@dlaehnemann (Member)

But it does seem to work in sub-directories as well. @SKY-ALIN was so gracious as to try it out in the rust-bio-types repo:
rust-bio/rust-bio-types#48

@dlaehnemann (Member)

Would you nevertheless argue to keep it in the main .github/ folder, because that's the convention, @dcroote ?

@SKY-ALIN (Contributor, Author)

Let's check how it works in the rust-bio-types repo. If we don't receive new PRs from Dependabot in a week, just move it back

@dlaehnemann (Member)

Yes, let's do that. And feel free to ping me in again, once you check!

@dcroote (Contributor) commented Jun 29, 2023

I lean towards convention, but no strong preference myself. Waiting on the other repo and if it works, leaving it in the subdirectory sounds like a plan.

@SKY-ALIN (Contributor, Author) commented Jul 9, 2023

Finally, it doesn't work like that. We have to move it back to the .github folder.

@dcroote (Contributor) left a comment

Thanks for following up on this

@dcroote dcroote dismissed dlaehnemann’s stale review July 9, 2023 19:00

Dismissing in order to merge given we've arrived at our answer of where the file needs to be

@dcroote dcroote merged commit 174c82b into rust-bio:master Jul 9, 2023
8 of 9 checks passed

@dlaehnemann (Member)

Also, I realized we need to add a conventional commit prefix to the commit messages, to make the respective check pass. The suggested fix is in PR #542 (for future reference, if any of us introduce the dependabot elsewhere...).
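
An added illustration, not the file from this PR: a dependabot.yml matching where the thread ended up, stored at .github/dependabot.yml rather than .github/workflows/, on a weekly schedule, with a commit-message prefix so Dependabot's commits pass a conventional-commit check. The cargo ecosystem and the "chore" prefix are assumptions; the thread names neither.

```yaml
# Added example, not the configuration merged in this PR.
# Path: .github/dependabot.yml
# The thread's test showed the file is not picked up from .github/workflows/,
# so a misplaced file fails silently: no update PRs are ever opened.
version: 2
updates:
  - package-ecosystem: "cargo"   # assumption: the repository is a Rust crate
    directory: "/"               # directory that holds Cargo.toml
    schedule:
      interval: "weekly"         # the cadence described in the PR text
    commit-message:
      prefix: "chore"            # assumption: any type the commit check accepts
      include: "scope"           # commits then start with "chore(deps): ..."
```

Because a wrongly placed file produces no error, the absence of Dependabot PRs after the first scheduled interval is the signal to check, which is how the thread reached its answer.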
