Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(ci): Add dependabot.yml, update actions/upload-artifact #9391

Merged
merged 2 commits into from
Feb 3, 2025
Merged

chore(ci): Add dependabot.yml, update actions/upload-artifact #9391

merged 2 commits into from
Feb 3, 2025

Conversation

donmccurdy
Copy link
Collaborator

@donmccurdy donmccurdy commented Feb 3, 2025
edited
Loading

A dependency of the scorecard workflow, actions/upload-artifact, has gone stale and is causing GitHub Actions to fail:

https://github.com/visgl/deck.gl/actions/runs/13116305290/job/36591363047

I selected the latest version of the action, and corresponding SHA1, by hand. But this is something that Dependabot can do automatically. I can't find any documentation to explain why Dependabot is updating npm dependencies but not GitHub actions dependencies by default, but that seems to be the case, so I've added an explicit configuration for GitHub Actions to enable both npm and github-actions ecosystems. Hopefully Dependabot will pin more dependencies after that's merged.

three.js uses Renovate Bot to update GitHub Actions in PRs like this one, as another option.

@donmccurdy donmccurdy added chore dependencies Pull requests that update a dependency file labels Feb 3, 2025
@coveralls
Copy link

coveralls commented Feb 3, 2025
edited
Loading

Coverage Status

coverage: 91.635%. remained the same
when pulling 713ceef on deps/actions-upload-artifacts-4.6
into 746ba68 on master.

@donmccurdy donmccurdy force-pushed the deps/actions-upload-artifacts-4.6 branch from 5eb9702 to 713ceef Compare February 3, 2025 20:43
@donmccurdy donmccurdy changed the title chore(ci): Update actions/upload-artifact to 4.6 chore(ci): Add dependabot.yml, update actions/upload-artifact Feb 3, 2025
@donmccurdy donmccurdy merged commit 2765083 into master Feb 3, 2025
2 checks passed
@donmccurdy donmccurdy deleted the deps/actions-upload-artifacts-4.6 branch February 3, 2025 20:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Pessimistress Pessimistress Pessimistress approved these changes

@felixpalmer felixpalmer Awaiting requested review from felixpalmer

Assignees
No one assigned
Labels
chore dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@donmccurdy @coveralls @Pessimistress