[Feature Request]: New platform scheduled pipeline to check external version updates

Open eriqua opened this issue 2 years ago • 1 comments

Description

Implement a platform scheduled pipeline to check the latest version for all external sources, e.g., public external actions/steps or tools. Discuss a possible MVP with the team, for example:

Check https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates

OR

  • List all versioned resources (declarative JSON, YAML or other)
  • Compare for each current vs latest
  • Provide a job summary of the findings, highlighting what's new
  • A step further could be to automatically create an issue whenever a mismatch

Versions to check

Note: First draft not exhaustive

  • PSRule action
  • Bicep
  • Az CLI
  • PS version
  • PS modules (Az, powershell-yaml)
  • GH Runner/ADO Agent OS
  • Autoassign PR action
  • ...

eriqua, Feb 13 '23 16:02
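A sketch of the list / compare / summarize steps from the description above, as an added example that is not part of the issue or the project's own code. The workflow text, the `example-org/*` action names and the `LATEST` table are constructed; a real pipeline would look up the latest version from each source's release feed.

```python
import os
import re

# Constructed sample workflow; the action names and versions are hypothetical.
SAMPLE_WORKFLOW = """\
jobs:
  validate:
    steps:
      - uses: example-org/checkout-action@v3
      - uses: example-org/lint-action@v2.7.0
      - uses: example-org/assign-action@v1.0.0
      - uses: ./.github/actions/local-step
"""

# Constructed "latest version" data standing in for a release-feed lookup.
LATEST = {
    "example-org/checkout-action": "v3",
    "example-org/lint-action": "v2.9.0",
}

# Matches `uses: owner/repo@ref`; local steps (no @ref) are skipped.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w./-]+)@(\S+)", re.MULTILINE)

def list_versioned(workflow_text):
    """Return (name, current_ref) for every externally versioned step."""
    return USES_RE.findall(workflow_text)

def compare(found, latest):
    """Classify each reference as current, outdated, or unknown (no data)."""
    rows = []
    for name, current in found:
        newest = latest.get(name)
        if newest is None:
            status = "unknown"
        else:
            status = "current" if newest == current else "outdated"
        rows.append((name, current, newest or "?", status))
    return rows

def job_summary(rows):
    """Render the findings as a Markdown table, highlighting mismatches."""
    lines = ["| Source | Current | Latest | Status |", "| --- | --- | --- | --- |"]
    for name, current, newest, status in rows:
        shown = "**outdated**" if status == "outdated" else status
        lines.append(f"| {name} | {current} | {newest} | {shown} |")
    return "\n".join(lines)

if __name__ == "__main__":
    summary = job_summary(compare(list_versioned(SAMPLE_WORKFLOW), LATEST))
    # GitHub Actions renders Markdown appended to this file as the job summary.
    with open(os.environ.get("GITHUB_STEP_SUMMARY", os.devnull), "a") as fh:
        fh.write(summary + "\n")
    print(summary)
```

Sources reported as `unknown` are the ones with no version data, which a scheduled run should surface rather than silently skip.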

Dependabot can automatically bump PSRule action and other GitHub Actions. Config looks like this: https://github.com/Azure/PSRule.Rules.Azure/blob/001f49cffe50b10383934594ea8f926b8526fc13/.github/dependabot.yml#L25-L33

BernieWhite, May 16 '23 13:05