- Notifications
You must be signed in to change notification settings - Fork66
Enable Dependabot version updates for Actions#89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This enables Dependabot version updates for GitHub Actions only(not Python dependencies), using the exact same configuration as inGitPython.
Thank you, Depandabot sounds like it could be helpful. I may mention that So if there would be a breaking change I'd love to do then it's to remove |
This updates smmap's CI configuration in ways that are in line withrecent updates to gitdb's. In most cases there is no difference inthe changes, and the reason for the updates is more to avoidconfusing differences than from the value of the changesthemselves. In one case, there is a major difference (fetch-depth).-gitpython-developers/gitdb#89 (same)-gitpython-developers/gitdb#90 (same) It's just the project, not dependencies, but otherwise the same.-gitpython-developers/gitdb#92 (opposite) This is the major difference. We don't need more than the tip of the branch in these tests. Keeping the default fetch-depth of 1 by not setting it explicitly avoids giving the impression that the tests here are doing something they are not (and also serves as a speed optimization).-gitpython-developers/gitdb#93 (same)
This enables Dependabot version updates for GitHub Actions only (not Python dependencies), using the exact same configuration asin GitPython.
Since this repository is less active than the GitPython repository, I considered changing the
dependabot.ymlfile to check for updatesmonthlyrather thanweekly. But I did not do so, because the GitHub Actions used in this repository's workflow are requested using major versions, and automatically use the latest minor (and, where applicable, patch) version in that major version automatically. As a result, Dependabot only needs to offer updates when a new major version comes out, which is a fairly infrequent event. So it is unlikely that this would ever generate an excessive number of automated pull requests.Because actions versions were recently updated as part of#88 (in32d12aa), if this pull request is merged then it should not be expected to cause Dependabot to generate any pull requests in the immediate future.