Add dependabot to IndyCatalyst CI/CD

bcgov / aries-vcr

Hyperledger Aries Verifiable Credential Registry (VCR) is a set of application level software components designed to accelerate the adoption of trustworthy entity to entity communications.

Apache License 2.0

78 stars 70 forks source link

Add dependabot to IndyCatalyst CI/CD #272

Closed swcurran closed 5 years ago

swcurran commented 5 years ago

Found on the rocketchat channels:

https://dependabot.com/docs/config-file/

It automatically detects new versions of dependencies and creates a pull request for them. Also does security PRs

dependabot was acquired by Github and is now free

This would be really useful for all of our repos, so let's experiment with it in indy-catalyst and/or indycat-agent. If it is good - we can expand it's use.

@WadeBarnes - please reassign if this should be a dev task.

FYI - @nrempel @esune @ianco @cywolf

WadeBarnes commented 5 years ago

Thinking we can just turn on the automated feature which is using dependabot;

WadeBarnes commented 5 years ago

I turned on Automated security fixes on all of the VON repositories over which I have control.

WadeBarnes commented 5 years ago

Process: Click on the Security tab for the repository. Enable Automated security fixes.