Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable Dependabot for GitHub Actions #1243

Conversation

marcindabrowski
Copy link
Contributor

📢 Type of change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring

📜 Description

Enable Dependabot for GitHub Actions.

💡 Motivation and Context

GitHub Actions used in project CI were outdated and using unsupported Node.
Dependabot will scan repo and create PRs with new versions of GitHub Actions.

📝 Checklist

  • I reviewed submitted code
  • I added tests to verify changes
  • I updated reference documentation to reflect the change
  • All tests passing
  • No breaking changes

@maciejwalkowiak
Copy link
Contributor

I am not sure how useful will it be but lets give a try.

@maciejwalkowiak maciejwalkowiak merged commit 0882fb1 into awspring:main Sep 27, 2024
4 checks passed
@marcindabrowski
Copy link
Contributor Author

Dependabot is a great tool to manage dependency upgrades. It can analyze your actions and pom.xml as well, and creates a PR when new version of the action or library is used. Dependabot is part of GitHub.

But personally, I prefer Renovate bot, because it can do more thing, ie. it should bump Maven wrapper (I don't know, but it can do it for Gradle, so probably for Maven too). But to use Renovatebot you have to set it up there.
For dependabot you don't need to do anything.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants