geigi / cozy

🎧 Listen to audio books 📚 on Linux
https://cozy.sh
GNU General Public License v3.0
1.08k stars 83 forks

chore: automate dep updates #841

Closed kbdharun closed 4 months ago

kbdharun commented 6 months ago

Changes

This PR adds a dependabot.yml config file to automate dependency updates for the GitHub actions (version) and the Python requirements.txt file.

Dependabot is a built-in security feature in GitHub; it automatically opens PRs to update dependencies if there are moderate or high severity CVEs attached to an action/dependency (if it is enabled in https://github.com/geigi/cozy/security). This PR adds support for normal version updates (monthly) using Dependabot for the dependencies. (In future, manual updates like #808 aren't necessary for the actions.)

Off-topic: I noticed there are Travis CI files in the repo; is it still being used (now that testing and releases are done via GitHub Actions)?
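A minimal `dependabot.yml` matching the description above, as an added example that is not the file from this PR. It assumes the workflows live in `.github/workflows` and that `requirements.txt` sits at the repository root.

```yaml
# .github/dependabot.yml (illustrative, not the PR's actual file)
# This file controls scheduled *version* updates only. Security updates
# for dependencies with known advisories are enabled separately in the
# repository's security settings.
version: 2
updates:
  # Keep the actions referenced in the workflow files current.
  # For this ecosystem, "/" makes Dependabot look in .github/workflows.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"

  # Keep the Python packages listed in requirements.txt current.
  # Assumption: requirements.txt is in the repository root.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "monthly"
```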

rdbende commented 6 months ago

Thanks! This looks good to me, but I'll leave it to @geigi, he knows the current CI setup better.

rdbende commented 6 months ago

Would be so cool if Dependabot could update the PyPI dependencies in the Flatpak manifest as well.

kbdharun commented 6 months ago

> Would be so cool if Dependabot could update the PyPI dependencies in the Flatpak manifest as well.

Dependabot, unfortunately, doesn't support updating dependencies in the Flatpak manifest. I think https://github.com/flathub-infra/flatpak-external-data-checker would work for your use case.

geigi commented 4 months ago

Thanks for your contribution :) Travis CI is not used anymore, so probably some leftover stuff from a long time ago.