Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Add config for dependabot. #697

Merged
merged 1 commit into from
Mar 22, 2024
Merged

chore: Add config for dependabot. #697

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
version: 2
updates:
- package-ecosystem: "github-actions"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is github-actions rather than cargo?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just want to auto-update for github-action, so it will let the dependabot create a PR to work for like that:

-       uses: actions/checkout@v3
+       uses: actions/checkout@v4

If you also want cargo to automatically upgrade dependencies, I'd be happy to add the configuration.

Copy link
Contributor Author

@liangyuanpeng liangyuanpeng Mar 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And i think the focus of xline at this stage is on the development of feature, so automatically updating cargo dependencies may not be that important.
No strong opinion from me.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, automatically upgrade cargo dependencies is a good practice.

Copy link
Contributor Author

@liangyuanpeng liangyuanpeng Mar 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Phoenix500526
And just for confirm that you also want to schedule with daily for it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @bsbds ^^^

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My suggestion is to use monthly to reduce noise as much as possible at this stage if you want to enable aoto-update for cargo dependenices, and you can update it to weekly later.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, you've convinced me. Daily might be too frequent; weekly is a better option.

directory: "/"
schedule:
# Check for updates to GitHub Actions every day
interval: "daily"
# Allow up to 10 open pull requests for update github-actions
# 5 by default
# see https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
open-pull-requests-limit: 10
- package-ecosystem: "cargo"
directory: "/"
schedule:
interval: "weekly"
labels:
- "dependencies"
open-pull-requests-limit: 10
Loading