Add a Dependabot config to keep GitHub action versions updated

h2non / jsonpath-ng

Finally, a JSONPath implementation for Python that aims to be standard compliant. That's all. Enjoy!

Apache License 2.0

593 stars 86 forks source link

Add a Dependabot config to keep GitHub action versions updated #135

Closed kurtmckee closed 1 year ago

kurtmckee commented 1 year ago

This PR introduces a Dependabot config to keep GitHub action versions updated in perpetuity.

When an action used in ci.yaml is updated (for example, actions/checkout@v3, which was recently updated to v4), Dependabot will submit a PR to update the action version.

If this merges, Dependabot will immediately open a PR to update actions/checkout to v4, and will monitor for updates on a monthly basis. :+1:

michaelmior commented 1 year ago

Looks good. Thanks!

kurtmckee commented 12 months ago

@michaelmior, I found out recently that forks of other repos need to take an additional step to enable Dependabot, which is why Dependabot hasn't opened a PR to update actions/checkout. I didn't realize that when I submitted this PR.

Summary of the docs:

Under "Code security and analysis", to the right of "Dependabot version updates", click Enable to allow Dependabot to initiate version updates.

michaelmior commented 12 months ago

@kurtmckee Yes, I know that's an issue but unfortunately I don't have the permissions to make the change.

kurtmckee commented 12 months ago

@h2non, would you enable "Dependabot version updates" in the settings?

h2non commented 11 months ago

@kurtmckee Done!

kurtmckee commented 11 months ago

Thank you so much!

I'm interested in driving the project forward with more contributions. Would you consider giving me the ability to merge PRs?