Closed kbdharun closed 4 months ago
Thanks! This looks good to me, but I'll leave it to @geigi, he knows the current CI setup better.
Would be so cool if Dependabot could do update the Pypi dependencies in the Flatpak manifest as well.
Would be so cool if Dependabot could do update the Pypi dependencies in the Flatpak manifest as well.
Dependabot, unfortunately, doesn't support updating dependencies in the Flatpak manifest. I think https://github.com/flathub-infra/flatpak-external-data-checker would work for your use case.
Thanks for your contribution :) Travis CI is not used anymore so probably some leftover stuff from long time ago.
Changes
This PR adds a
dependabot.yml
config file to automate dependency updates for the GitHub actions (version) and the Pythonrequirements.txt
file.Dependabot is a built-in security feature in GitHub, it automatically opens PRs to update dependencies if there are moderate or high severity CVEs attached to an action/dependency (if it is enabled in https://github.com/geigi/cozy/security), this PR adds support for normal version updates (monthly) using dependabot for the dependencies. (In future, manual updates like #808 aren't necessary for the actions)
Offtopic: I noticed there are travis CI files in the repo, is it still being used (now that testing and releases are done via GitHub actions).