netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.83k stars 568 forks

ci: make dependabot updates monthly and bump PR limit #6338

Closed kmk3 closed 6 months ago

kmk3 commented 6 months ago

It is currently only used for GitHub Actions. The ones used in this project rarely ever contain notable changes in their changelogs (in a way that would cause a noticeable difference in our CI).

Also, there are weeks when most/all of the PR/commit activity is from dependabot PRs being opened/merged. For example, see the output of the following command:

git log --no-decorate --oneline 9a0db13e12..bef085035

So change the checks from weekly to monthly to reduce the noise.

Additionally, bump open-pull-requests-limit to 4, as it seems that we only have 4 dependencies:

$ git grep 'uses:' -- .github/ | sed -E 's/.*(uses: .*)@.*/\1/' |
  LC_ALL=C sort -u
uses: actions/checkout
uses: github/codeql-action/analyze
uses: github/codeql-action/init
uses: step-security/harden-runner

This should ensure that PRs can be opened against all of them when the dependabot check is run.
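For readers unfamiliar with how these two settings are expressed, the following is an added illustration of a Dependabot configuration that applies the changes described above. It is not firejail's actual `.github/dependabot.yml` (that file is not shown on this page); the file path, the `version`/`updates` layout and the key names follow Dependabot's documented configuration schema, while the `monthly` interval and the limit of `4` come from the PR description.

```yaml
# Illustrative .github/dependabot.yml (not the project's real file).
# Only the github-actions ecosystem is covered, matching the note above
# that Dependabot is used solely for GitHub Actions in this repository.
version: 2
updates:
  - package-ecosystem: "github-actions"
    # Workflow files live under .github/workflows; "/" is the documented
    # directory value for the github-actions ecosystem.
    directory: "/"
    schedule:
      # Changed from "weekly" to "monthly" to cut PR/commit noise.
      interval: "monthly"
    # Raised to 4 so that one run can open a PR for each of the four
    # distinct actions found by the `git grep 'uses:'` command above.
    open-pull-requests-limit: 4
```

One point worth keeping in mind when reducing the update cadence: if the workflows pin actions to full commit SHAs (as a hardening measure against tag retargeting), Dependabot version updates for the `github-actions` ecosystem are what keep those SHA pins current, so a monthly schedule means a new action release is picked up with up to a month of delay rather than a week. For the kind of actions listed on this page that trade-off is usually acceptable, but it is the one cost of the change.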