8000 Create dependabot.yml to auto update Github Action versions by shachafl · Pull Request #2039 · spacetx/starfish · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Create dependabot.yml to auto update Github Action versions #2039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 3, 2024
Merged

Create dependabot.yml to auto update Github Action versions #2039

merged 2 commits into from
Dec 3, 2024

Conversation

shachafl
Copy link
Collaborator

moving dependabot.yml to .github/ folder

@shachafl shachafl requested review from berl and Copilot November 30, 2024 15:55
@shachafl shachafl self-assigned this Nov 30, 2024
Copilot
Copilot AI reviewed Nov 30, 2024
View reviewed changes
Copy link
@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 1 out of 1 changed files in this pull request and generated no suggestions.

@shachafl shachafl mentioned this pull request Nov 30, 2024
Merged
@shachafl
Copy link
Collaborator Author

#2033 didn't work.
Solution is either moving file to parent folder (current PR #2039) or repository admin needs to enable "dependabot version updates" under settings->code security:
image

berl
berl approved these changes Dec 3, 2024
View reviewed changes
Copy link
Collaborator
@berl berl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@berl berl merged commit d655a80 into master Dec 3, 2024
31 checks passed
@shachafl shachafl deleted the shachafl-actions-auto-update branch December 3, 2024 18:37
shachafl added a commit that referenced this pull request Dec 4, 2024
@shachafl
Delete .github/workflows/dependabot.yml
67995dd 
Tried to delete and remove dependabot.yml file from the wrong  folder, but this didn't register in PR #2039
@shachafl shachafl mentioned this pull request Dec 4, 2024
Merged
berl pushed a commit that referenced this pull request Dec 5, 2024
@shachafl
Delete .github/workflows/dependabot.yml (#2043)
bb703f4 
Tried to delete and remove dependabot.yml file from the wrong  folder, but this didn't register in PR #2039
shachafl added a commit that referenced this pull request Dec 13, 2024
@shachafl @dependabot
updating reopened branch pypi_description for further debugging (#2044)
ad89f7d 
* Adding support to Python 3.12 (#2027)

* updating versioneer and add python 3.12 to setup files

* add python 3.12 to CI

* fix: python 3.12 flake8 linting error

* removing backslash sequences that raise SyntaxWarning in python 3.12+ when using sphinx-gallery to convert reST to markdown

* add python 3.12 support to docs

* docs: fixes to README.rst loading on PyPI project description (#2029)

* Updating CHANGELOG.md for release 0.3.1 (#2030)

* updating CHANGELOG.md for release 0.3.1

* Bump lxml-html-clean from 0.3.1 to 0.4.0 in /requirements (#2036)

Bumps [lxml-html-clean](https://github.com/fedora-python/lxml_html_clean) from 0.3.1 to 0.4.0.
- [Changelog](https://github.com/fedora-python/lxml_html_clean/blob/main/CHANGES.rst)
- [Commits](fedora-python/lxml_html_clean@0.3.1...0.4.0)

---
updated-dependencies:
- dependency-name: lxml-html-clean
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Create dependabot.yml to update Actions version (#2033)

Will automatically open PR to update:
actions/cache
actions/checkout
actions/setup-python

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

* replace scipy.ndimage.filters with scipy.ndimage for scipy v2 (#2035)

* Bump tornado from 6.4.1 to 6.4.2 in /requirements (#2038)

Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.4.1 to 6.4.2.
- [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.4.1...v6.4.2)

---
updated-dependencies:
- dependency-name: tornado
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Github Actions auto update (#2039)

* Create dependabot.yml to update Actions version

Will automatically open PR to update:
actions/cache
actions/checkout
actions/setup-python

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

* moving dependabot.yml to .github/ folder

* Bump actions/checkout from 2 to 4 (#2040)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/cache from 2 to 4 (#2041)

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v2...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/setup-python from 2 to 5 (#2042)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Delete .github/workflows/dependabot.yml (#2043)

Tried to delete and remove dependabot.yml file from the wrong  folder, but this didn't register in PR #2039

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
shachafl added a commit that referenced this pull request Dec 19, 2024
@shachafl @dependabot
updating reopened branch pypi_description with master to resolve issue (
3d3b0d7 
#2046)

* Adding support to Python 3.12 (#2027)

* updating versioneer and add python 3.12 to setup files

* add python 3.12 to CI

* fix: python 3.12 flake8 linting error

* removing backslash sequences that raise SyntaxWarning in python 3.12+ when using sphinx-gallery to convert reST to markdown

* add python 3.12 support to docs

* docs: fixes to README.rst loading on PyPI project description (#2029)

* Updating CHANGELOG.md for release 0.3.1 (#2030)

* updating CHANGELOG.md for release 0.3.1

* Bump lxml-html-clean from 0.3.1 to 0.4.0 in /requirements (#2036)

Bumps [lxml-html-clean](https://github.com/fedora-python/lxml_html_clean) from 0.3.1 to 0.4.0.
- [Changelog](https://github.com/fedora-python/lxml_html_clean/blob/main/CHANGES.rst)
- [Commits](fedora-python/lxml_html_clean@0.3.1...0.4.0)

---
updated-dependencies:
- dependency-name: lxml-html-clean
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Create dependabot.yml to update Actions version (#2033)

Will automatically open PR to update:
actions/cache
actions/checkout
actions/setup-python

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

* replace scipy.ndimage.filters with scipy.ndimage for scipy v2 (#2035)

* Bump tornado from 6.4.1 to 6.4.2 in /requirements (#2038)

Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.4.1 to 6.4.2.
- [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.4.1...v6.4.2)

---
updated-dependencies:
- dependency-name: tornado
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Github Actions auto update (#2039)

* Create dependabot.yml to update Actions version

Will automatically open PR to update:
actions/cache
actions/checkout
actions/setup-python

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

* moving dependabot.yml to .github/ folder

* Bump actions/checkout from 2 to 4 (#2040)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/cache from 2 to 4 (#2041)

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v2...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/setup-python from 2 to 5 (#2042)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Delete .github/workflows/dependabot.yml (#2043)

Tried to delete and remove dependabot.yml file from the wrong  folder, but this didn't register in PR #2039

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@shachafl shachafl changed the title Github Actions auto update Create dependabot.yml to auto update Github Action versions Feb 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@berl berl berl approved these changes

Assignees

@shachafl shachafl

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shachafl @berl
0