activist
GitHub Actions dependency check
Terms
- [X] I have searched open and closed feature requests
- [X] I agree to follow activist's Code of Conduct
Description
As discussed in the most recent dev sync, the team would like to create a cron job that would trigger updates of dependencies on a bi-monthly basis. The general idea of how this would work is:
- We'll keep the current Dependabot warnings and react to them as needed
- We'll run a workflow every two months
- This workflow will update all dependencies to the next available minor release
- The backend and frontend checks will be run such that new errors will be detected
- Results will be logged and new issues will be made to work on them
- This two-month process will coincide with Code Night 🌙 such that we can work together to squash 'em all 🐞
Contribution
Happy to work on this or support as needed 😊
CC @to-sta, resident GitHub Actions wizard 🧙‍♂️🙃
Thinking about this a bit more, maybe it makes sense that we update dependencies and just make a PR with them updated where we can see the errors. Then people would be able to check out the branch where the dependencies are updated and go through and fix the errors :) This might be easier than us manually needing to create the issues.
We could also use Matrix-Chat-Message to alert folks in Development when the PR is made so people know to come check it out and fix what they can :)
And for simplicity maybe it makes sense to run it on the first of the month every two months such that we don't need to figure out which day it's run and so that we can have a few weeks to work on it before hopefully closing it in Code Night 🌙
Hi, I'd like to pick this one up as per our conversation on Matrix!
Nice @amrkv526! Looking forward to this :)
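
A sketch of the scheduled update-and-PR workflow discussed in this thread, added here as an example and not taken from the activist repository. The `frontend` directory, the use of npm, the Node version and the branch name are assumptions. Only the frontend update is shown; a backend step would follow the same pattern.

```yaml
# Added example, not activist's actual workflow.
# Paths, package manager and branch name are assumptions.
name: scheduled-dependency-update

on:
  schedule:
    # 00:00 UTC on the 1st of every second month (Jan, Mar, May, ...).
    - cron: "0 0 1 */2 *"
  workflow_dispatch: {} # manual trigger for testing the workflow

# Least privilege: the token may only push a branch and open a PR.
permissions:
  contents: write
  pull-requests: write

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      # Tags are shown for readability; pinning each action to a full
      # commit SHA prevents a moved tag from changing what runs here.
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20 # assumption

      # `npm update` stays inside the semver ranges in package.json, so
      # caret ranges (^x.y.z) never cross a major version. The change
      # lands in package-lock.json.
      - name: Update frontend dependencies
        working-directory: frontend # assumption
        run: npm update

      # Opens one PR, or refreshes the existing one on the same branch,
      # so contributors can check out the branch and fix what breaks.
      - name: Open pull request
        uses: peter-evans/create-pull-request@v6
        with:
          branch: deps/scheduled-update
          commit-message: "chore: scheduled dependency update"
          title: "Scheduled dependency update"
          body: "Automated update. Fix failing checks on this branch."
```

Pull requests opened with the default `GITHUB_TOKEN` do not trigger `pull_request` workflows, so the frontend and backend checks have to run inside this job or the PR has to be created with a separate token. The repository setting that allows GitHub Actions to create pull requests must also be enabled.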