
chore: automate dep updates

Open kbdharun opened this issue 2 years ago • 3 comments

Changes

This PR adds a dependabot.yml config file to automate dependency updates for the GitHub actions (version) and the Python requirements.txt file.

Dependabot is a built-in security feature in GitHub; it automatically opens PRs to update dependencies if there are moderate or high severity CVEs attached to an action/dependency (if it is enabled in https://github.com/geigi/cozy/security). This PR adds support for normal version updates (monthly) using Dependabot for the dependencies. (In future, manual updates like #808 aren't necessary for the actions.)


Offtopic: I noticed there are Travis CI files in the repo; is it still being used (now that testing and releases are done via GitHub Actions)?

kbdharun avatar Jan 05 '24 12:01 kbdharun
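
For readers who have not seen one, a `.github/dependabot.yml` of the kind this PR describes could look like the following. This is an added illustration, not the file from the PR; it assumes `requirements.txt` sits at the repository root.

```yaml
# Added example, not the PR's actual file.
# Version updates configured here are separate from Dependabot security
# updates, which are switched on in the repository's security settings.
version: 2
updates:
  # Action versions referenced in the workflow files under .github/workflows
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"

  # Python packages listed in requirements.txt
  # (assumption: the file is in the repository root)
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "monthly"
```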

Thanks! This looks good to me, but I'll leave it to @geigi, he knows the current CI setup better.

rdbende avatar Jan 05 '24 12:01 rdbende

Would be so cool if Dependabot could update the PyPI dependencies in the Flatpak manifest as well.

rdbende avatar Jan 05 '24 12:01 rdbende

Would be so cool if Dependabot could update the PyPI dependencies in the Flatpak manifest as well.

Dependabot, unfortunately, doesn't support updating dependencies in the Flatpak manifest. I think https://github.com/flathub-infra/flatpak-external-data-checker would work for your use case.

kbdharun avatar Jan 05 '24 12:01 kbdharun

Thanks for your contribution :) Travis CI is not used anymore, so it's probably some leftover stuff from a long time ago.

geigi avatar Feb 16 '24 13:02 geigi