veracode / github-actions-integration


ci: update GitHub Actions dependencies with dependabot #41

Closed martinm82 closed 5 months ago

martinm82 commented 7 months ago

This PR introduces a dependabot configuration to keep the GitHub Action dependencies up-to-date.

julz0815 commented 5 months ago

We are not using dependabot; this repo also doesn't have any dependencies. I imagine this PR was created by mistake; this will close now. If there are any concerns, please contact us.

martinm82 commented 5 months ago

@julz0815 Why do you close this PR? This repo has several workflows containing references to GitHub Actions that should be kept up-to-date. Or how do you envision keeping actions/checkout, etc. up-to-date? Are you doing this manually?

Dependabot is by default available for free for public repositories and just needs to be enabled in the repository settings.

julz0815 commented 5 months ago

@martinm82 we are aiming for a controlled rollout of updates on the workflows. It could be there is a new version of an action that will break the app as the backend is not yet supporting this functionality, but using the action on its own is perfectly fine.