Create dependabot.yml #76
Conversation
Use a bot to keep your Github Actions up-to-date
|
I activated it this morning from GitHub settings side, it's already activated on other repositories I maintain and I never felt the need to add a config file, what is the added value compared to the default behaviour? (I never though much about it) |
|
I could be wrong but in the settings you only activate dependabot. You need a config file for it though. With that file dependabot knows that it should look for. Once you merged that into, you will see dependabot creating pull requests. Give it a go |
|
Warnings as in https://github.com/12rambau/pytest-copie/actions/runs/8104427212 will disappear as the bot keeps your actions up-to-date. |
|
I try to limit the number of configuration fil in my repository to avoid keeping legacy things, activating the bot is actually running the bot checks on regular basis such as in pydata-sphinx-theme: https://github.com/pydata/pydata-sphinx-theme/pulls?q=is%3Apr+is%3Aclosed+author%3Aapp%2Fdependabot where everything remains up to date without any config. Let's leave this one open and if in 1 2 weeks I don't receive any notification from the bot I'll merge it |
|
Not sure I can follow. In pydata-sphinx there is https://github.com/pydata/pydata-sphinx-theme/blob/main/.github/dependabot.yml Make sure the dependabot.yml file has to be in the .github folder. Nothing happens with magic and the magic results only in pull requests you can still refuse. |
|
Thanks for waiting ! |
Use a bot to keep your Github Actions up-to-date