Configure Dependabot for action bumps in all production branches #18
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This repository is used to host demonstrations related to using Arduino CLI with GitHub Actions. In addition to the demo of the "arduino/setup-arduino-cli" action hosted in the `master` branch, there is a demo of the "arduino/compile-sketches" action in the `dependabot-all-production-branches`. This branch is a permanent and maintained part of the repository rather than a temporary development or staging branch. Dependabot is configured to periodically check the versions of all GitHub Actions actions used in the repository's workflows. If any are found to be outdated, it will automatically submit a pull request to update them. These updates are especially important in workflows that are used as a reference to the community for setting up continuous integration of their Arduino projects. Previously, Dependabot was only configured to provide such updates for the workflows in the `master` branch, leaving maintenance (or lack thereof) of the workflow dependencies in the `dependabot-all-production-branches` branch to be handled entirely manually. Dependabot is hereby configured to also provide update PRs for the workflow dependencies in the `dependabot-all-production-branches` branch.
per1234
added
type: enhancement
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This repository is used to host demonstrations related to using Arduino CLI with GitHub Actions. In addition to the demo of the "arduino/setup-arduino-cli" action hosted in the
masterbranch, there is a demo of the "arduino/compile-sketches" action in thecompile-sketches-demo. This branch is a permanent and maintained part of the repository rather than a temporary development or staging branch.Dependabot is configured to periodically check the versions of all GitHub Actions actions used in the repository's workflows. If any are found to be outdated, it will automatically submit a pull request to update them. These updates are especially important in workflows that are used as a reference to the community for setting up continuous integration of their Arduino projects.
Previously, Dependabot was only configured to provide such updates for the workflows in the
masterbranch, leaving maintenance (or lack thereof) of the workflow dependencies in thedependabot-all-production-branchesbranch to be handled entirely manually (e.g., #16).Dependabot is hereby configured to also provide update PRs for the workflow dependencies in the
compile-sketches-demobranch.Reference:
https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#target-branch
Note that, although not documented, Dependabot always uses the configuration file from the default branch of the repository, even for managing dependencies of another branch.
Example of the use of Dependabot to manage GitHub Actions action dependencies in multiple production branches:
https://github.com/arduino/library-registry/blob/main/.github/dependabot.yml