search

RadarCOVID / radar-covid-android

Native Android app using DP^3T Android sdk to handle Exposure Notifications API from Google
Mozilla Public License 2.0
382 stars 84 forks source link

Create dependabot.yml 🔑 #31

Closed mercuriete closed 3 years ago

mercuriete commented 4 years ago

A little bit of background:

Dependabot is a github bot that keeps dependencies updated.

In conjuntion with a good continous integration system it will create a time saving system for keep your project in a sane state.

After this commit is merged into the master/main branch, the dependabot is triggered and it will create several PR in order to update the project.

If that PR becomes the project broken it will be catch by the CI system and you need to investigate why that PR is breaking the project.

Thanks for opening to the public this project.

PS: you can see the result of dependabot in my repo: https://github.com/mercuriete/radar-covid-android/pulls

Bump rootProject.daggerVersion from 2.27 to 2.28.3 dependencies

Bump mockito-core from 3.5.6 to 3.5.10 dependencies

Bump material from 1.2.0 to 1.2.1 dependencies

Bump dp3t-sdk-android from 1.0.3 to 1.0.4-dev-2-calibration dependencies

Bump gradle from 3.6.4 to 4.0.1 dependencies

PS2: this PR probably depends on #17 because CI is not working at this time

avecina commented 3 years ago

Thanks for the interesting suggestion, but we need to entablish a strong control over the dependency updates so we couldn't take advantage of this tool.