Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

automation: adding dependabot for github actions #174

Open
wants to merge 1 commit into
base: rubicon
Choose a base branch
from
Open

automation: adding dependabot for github actions #174

wants to merge 1 commit into from

Conversation

gordonkoehn
Copy link
Contributor

Dependabot itself already implements the functionality to keep GitHub actions up to date.

This PR implements a minimal viable dependabot workflow to update:

  • Github Actions only
  • on a weekly basis
  • pointing the PR to our dev branch rubicon
  • Call the commit message Github Actions: <<action updated>>

Optinally, we may want to labels to the workflow to add labels to the PR (we'd have to add these to the repo)

    labels:
      - "dependencies"
      - "github-actions"

@gordonkoehn gordonkoehn requested a review from Copilot March 11, 2025 12:04
@gordonkoehn gordonkoehn self-assigned this Mar 11, 2025
@gordonkoehn gordonkoehn linked an issue Mar 11, 2025 that may be closed by this pull request
Investigate Github Action Updater to V-Pipe #173
Open
@gordonkoehn gordonkoehn changed the base branch from master to rubicon March 11, 2025 12:04
Copilot
Copilot AI reviewed Mar 11, 2025
View reviewed changes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR adds a Dependabot configuration to automatically update GitHub Actions on a weekly schedule with updates merged into the "rubicon" branch.

  • Added a new workflow file (.github/workflows/dependabot.yml) that configures Dependabot to target GitHub Actions updates, set a weekly schedule, and customize commit messages.
  • The commit message is configured with a prefix that supports additional scope information.

Reviewed Changes

File Description
.github/workflows/dependabot.yml New Dependabot workflow file for automating GitHub Actions dependency updates

Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.
@gordonkoehn gordonkoehn requested a review from DrYak March 11, 2025 12:04
@gordonkoehn gordonkoehn marked this pull request as ready for review March 11, 2025 12:05
@gordonkoehn gordonkoehn changed the title automation: adding dependabot fo github actions automation: adding dependabot for github actions Mar 11, 2025
@github-actions GitHub Actions
Copy link

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ BASH shellcheck 13 0 1.24s
✅ DOCKERFILE hadolint 1 0 0.31s
✅ JUPYTER jupyfmt 12 9 0 8.51s
✅ MARKDOWN markdownlint 17 3 0 2.24s
✅ PERL perlcritic 1 0 1.52s
✅ PYTHON black 53 1 0 2.6s
✅ SNAKEMAKE snakefmt 25 2 0 11.06s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@DrYak DrYak Awaiting requested review from DrYak

Assignees

@gordonkoehn gordonkoehn

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Investigate Github Action Updater to V-Pipe
1 participant
@gordonkoehn