From cae525909030308123acc53169ed22a0b7d3a81a Mon Sep 17 00:00:00 2001 From: Eliah Kagan Date: Tue, 7 May 2024 00:01:15 +0000 Subject: [PATCH 1/2] Use Dependabot version updates but just for GitHub Actions A number of reusable actions, such as actions/checkout, are in old major versions, including versions that use old deprecated versions of Node.js, such as Node 16 (rather than the current Node 20). Dependabot version updates were disabled for Rust crates in #143 and #144, with other means used to keep things up to date. This does not reverse that even partially, as it enables version updates only for GitHub Actions (which it has not been used on before). Because most actions are specified with major version tags that get reset to the latest stable minor/patch version under that major version, the actual frequency of updates should not be anywhere near daily. Nonetheless, it may make sense to further refine this configuration, such as to check for updates less often as well as to group multiple updates into a single PR when doing so. --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000000..71607d0c3c2 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily From cf7bf1718863fe62d2823c50267dc917fd4ec6f0 Mon Sep 17 00:00:00 2001 From: Eliah Kagan Date: Tue, 7 May 2024 06:47:30 +0000 Subject: [PATCH 2/2] Group GHA dependency version updates and use weekly cadence --- .github/dependabot.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 71607d0c3c2..ce30635aa48 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,4 +3,7 @@ updates: - package-ecosystem: github-actions directory: "/" schedule: - interval: daily + interval: weekly + groups: + github-actions: + patterns: ["*"]