search

tonybaloney / Pyjion

Pyjion - A JIT for Python based upon CoreCLR
https://www.trypyjion.com
MIT License
1.42k stars 59 forks source link

Add a Dependabot config to keep GitHub action versions updated #506

Closed kurtmckee closed 1 year ago

kurtmckee commented 1 year ago

GitHub CI runs are throwing deprecation warnings and errors (recent example). This can be fixed by updating the action versions, e.g. updating actions/checkout@v2 to v4.

Rather than updating the actions once, this PR introduces a Dependabot config that will regularly check for new action versions and submit PRs to update the versions.

If this PR merges, you can expect Dependabot to immediately open multiple PRs that target each out-of-date action version.

Thanks for your work on Pyjion!

kurtmckee commented 1 year ago

@tonybaloney I was surprised that Dependabot didn't immediately open PRs. I found in the docs that an extra step is required for forks:

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-version-updates-on-forks

The summary of that page is:

  1. Go to the repo "Settings"
  2. In the "Security" section of the sidebar, click "Code security and analysis"
  3. Under "Code security and analysis", to the right of "Dependabot version updates", click Enable to allow Dependabot to initiate version updates.

Sorry for not documenting that up front in the PR; I wasn't aware of this additional requirement for forks.