Closed kurtmckee closed 1 year ago
Looks good. Thanks!
@michaelmior, I found out recently that forks of other repos need to take an additional step to enable Dependabot, which is why Dependabot hasn't opened a PR to update actions/checkout
. I didn't realize that when I submitted this PR.
Summary of the docs:
Under "Code security and analysis", to the right of "Dependabot version updates", click Enable to allow Dependabot to initiate version updates.
@kurtmckee Yes, I know that's an issue but unfortunately I don't have the permissions to make the change.
@h2non, would you enable "Dependabot version updates" in the settings?
@kurtmckee Done!
Thank you so much!
I'm interested in driving the project forward with more contributions. Would you consider giving me the ability to merge PRs?
This PR introduces a Dependabot config to keep GitHub action versions updated in perpetuity.
When an action used in
ci.yaml
is updated (for example,actions/checkout@v3
, which was recently updated tov4
), Dependabot will submit a PR to update the action version.If this merges, Dependabot will immediately open a PR to update
actions/checkout
tov4
, and will monitor for updates on a monthly basis. :+1: