Open mcritchlow opened 2 years ago
Trying to surface this again, I'm not sure dependabot
is an option. As far as I can tell from https://github.com/dependabot/dependabot-core/issues/2237 it doesn't support Helm chart dependency updates. Which is quite surprising, and of high value (from my standpoint) for this repo.
Descriptive summary
There are several automated dependency management solutions available today.
We should adopt one for Hyrax (and perhaps Samvera more broadly?)
Rationale
In addition to the Ruby dependencies declared in the
gemspec
, the following files (at least) would benefit from automated dependency management:Dockerfile
docker-compose
Keeping on top of this manually feels unsustainable, and there are great solutions in place for this.
Some solutions that I have personal experience with and are fairly easily installed as Github Apps.
Related work
Some related tickets that have come up recently in this context: #5192