OpenML icon indicating copy to clipboard operation
OpenML copied to clipboard
verified publisher icon openml

Added dependency check workflow

Open naman9271 opened this issue 1 month ago • 1 comments

Fixes: #1247

This pull request introduces a new GitHub Actions workflow for automated dependency checking and reporting. The workflow runs weekly and checks both Composer (PHP) and NPM (JavaScript) dependencies for outdated packages, automates merging of safe Dependabot PRs, and creates or updates a summary issue to inform maintainers about the status of dependencies.

Automated Dependency Checking and Reporting:

  • Added .github/workflows/dependency-check.yml workflow to run scheduled checks for outdated Composer and NPM dependencies, generating summary logs for maintainers.
  • Composer and NPM jobs install dependencies, check for outdated packages, and append results to the GitHub Actions summary for easy review.

Dependabot Integration:

  • Implemented an auto-merge job for Dependabot PRs that are patch or minor version updates, reducing manual intervention for safe updates.

Automated Issue Creation:

  • Added a job to create or update a "Dependency Update Report" issue summarizing the results of the weekly checks, including actionable recommendations and links to job logs.

naman9271 avatar Nov 15 '25 20:11 naman9271

Hi @joaquinvanschoren , @janvanrijn please review when you get a chance - thanks

naman9271 avatar Nov 15 '25 20:11 naman9271