documentation icon indicating copy to clipboard operation
documentation copied to clipboard
verified publisher icon Qiskit

Figure out what to do with Dependabot

Open Eric-Arellano opened this issue 1 year ago • 0 comments

Due to now testing all notebooks when requirements.txt change (https://github.com/Qiskit/documentation/pull/1831), dependabot now fails. That's because it cannot access the GitHub Actions Secret due to GitHub's security defaults. See https://github.com/Qiskit/documentation/pull/1839 for an example failure.

We have two options:

  1. Stop using Dependabot and manually update the versions when new releases happen.
  2. Ask the security team if we can give Dependabot access to the secret.

Update: we agree to get rid of Dependabot for Python requirements. TODOs:

  • Set up Dependabot for JavaScript dependencies
  • Document the process for new API releases (gen docs, update search index, update testing requirement version)

Eric-Arellano avatar Aug 16 '24 13:08 Eric-Arellano