Skip to content

Configure Dependabot to check for outdated actions used in workflows #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 9, 2021
Merged

Configure Dependabot to check for outdated actions used in workflows #4

merged 1 commit into from
Apr 9, 2021

Conversation

@per1234
Copy link
Contributor

@per1234 per1234 commented Apr 9, 2021

Dependabot will periodically check the versions of all actions used in the repository's workflows. If any are found to be outdated, it will submit a pull request to update them.

NOTE: Dependabot's PRs will sometimes try to pin to the patch version of the action (e.g., updating uses: foo/bar@v1 to uses: foo/bar@v2.3.4). When the action author has provided a major version ref, use that instead (e.g., uses: foo/bar@v2). Once the major version has been updated in the workflow, Dependabot should not submit an update PR again until the next major version bump. So even if the PRs from Dependabot are not always exactly correct, their value lies in bringing the maintainer's attention to the fact that the action version in use is outdated. Dependabot will automatically close its PR once the workflow has been updated.

More information:
https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot

@per1234
Configure Dependabot to check for outdated actions used in workflows
cb3d800 
Dependabot will periodically check the versions of all actions used in the repository's workflows. If any are found to
be outdated, it will submit a pull request to update them.
NOTE: Dependabot's PRs will sometimes try to pin to the patch version of the action (e.g., updating `uses: foo/bar@v1`
to `uses: foo/bar@v2.3.4`). When the action author has provided a major version ref, use that instead
(e.g., `uses: foo/bar@v2`). Dependabot will automatically close its PR once the workflow has been updated.
More information:
https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot
@per1234 per1234 added type: enhancement Proposed improvement topic: infrastructure Related to project infrastructure labels Apr 9, 2021
@github-actions
Copy link
Contributor

github-actions bot commented Apr 9, 2021

Hi @per1234. Your pull request has been detected as something other than a Library Manager submission. A maintainer will need to review it before it can be merged.

If you intended to submit a library, please check the instructions and update your pull request if necessary:
https://github.com/arduino/library-registry/blob/main/README.md#instructions

@github-actions github-actions bot added other and removed topic: infrastructure Related to project infrastructure type: enhancement Proposed improvement labels Apr 9, 2021
@per1234 per1234 merged commit f0f7dd1 into arduino:main Apr 9, 2021
@per1234 per1234 deleted the dependabot branch April 9, 2021 15:17
@rsora rsora added the topic: other Something other than a library list request label Sep 22, 2021
@per1234 per1234 removed the other label Oct 20, 2021
@per1234 per1234 self-assigned this Nov 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@rsora rsora rsora approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@per1234 per1234

Labels

topic: other Something other than a library list request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@per1234 @rsora