Skip to content

chore: add dependabot #127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 31, 2024
Merged

chore: add dependabot #127

merged 1 commit into from
Aug 31, 2024

Conversation

AsCress
Copy link
Contributor

@AsCress AsCress commented Aug 31, 2024
edited by sourcery-ai bot
Loading

  • Please check if the PR fulfills these requirements
  • The commit message follows our guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
  • Bug fix
  • Feature implementation
  • Doc updates

  • Related Issue
    N/A

  • What changes have you introduced?
    This PR adds depandabot to the repository to automatically update dependencies to the latest versions.

  • Does this PR introduce a breaking change?
    No.

  • Preview / Steps to verify your work:
    N/A

Summary by Sourcery

Add Dependabot configuration to automate weekly updates for GitHub Actions and Python dependencies.

New Features:

  • Introduce Dependabot to automatically update dependencies for GitHub Actions and Python packages on a weekly schedule.

CI:

  • Add a Dependabot configuration file to manage dependency updates for GitHub Actions and Python packages.

@sourcery-ai Sourcery AI
Copy link

sourcery-ai bot commented Aug 31, 2024
edited
Loading

Reviewer's Guide by Sourcery

This pull request adds Dependabot configuration to the repository to automate dependency updates for GitHub Actions and Python packages on a weekly basis.

File-Level Changes

Change Details Files
Implement Dependabot for automated dependency updates
  • Set up Dependabot configuration with version 2
  • Enable beta ecosystems
  • Configure GitHub Actions ecosystem for weekly updates
  • Configure Python (pip) ecosystem for weekly updates
 .github/dependabot.yml
Tips
  • Trigger a new Sourcery review by commenting @sourcery-ai review on the pull request.
  • Continue your discussion with Sourcery by replying directly to review comments.
  • You can change your review settings at any time by accessing your dashboard:
    • Enable or disable the Sourcery-generated pull request summary or reviewer's guide;
    • Change the review language;
  • You can always contact us if you have any questions or feedback.

@AsCress AsCress requested a review from adityastic August 31, 2024 12:24
sourcery-ai[bot]
sourcery-ai bot reviewed Aug 31, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @AsCress - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider adding documentation on how to handle Dependabot pull requests, especially for new contributors. This can help maintain project stability while benefiting from automated dependency updates.
  • The configuration enables beta ecosystems. While this can provide earlier access to updates, it may also introduce less stable versions. Consider if this aligns with the project's stability requirements.
Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.

@adityastic adityastic enabled auto-merge (squash) August 31, 2024 12:53
@adityastic adityastic disabled auto-merge August 31, 2024 12:59
@adityastic adityastic merged commit d1e54bc into fossasia:master Aug 31, 2024
1 check passed
@AsCress AsCress deleted the dependabot branch August 31, 2024 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@adityastic adityastic adityastic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AsCress @adityastic