build: update all available actions to nodejs 20 #802
Comments
|
@McShelby that's where Dependabot shines :) |
|
Hm, I always thought, this is only used for file dependencies. Here (see my changeset above), it would need to change code in source files. Are you sure this is doable with dependabot? Do you have an example repo (not necessarily yours) where I can take a look? Anyways this does not help with non-maintained actions. |
|
well, it handles the workflow/action versions quite well... it even supports docker, gradle, npm, ... have a look at my dungeon project, where we use it for workflows/actions and gradle: https://github.com/Dungeon-CampusMinden/Dungeon/blob/master/.github/dependabot.yml here is how to configure your repo (you'll need a config file plus some settings in your repo): https://docs.github.com/en/code-security/dependabot/working-with-dependabot it will add a pull-request for each detected update, and in this pull-request it gives you many options: you could accept/merge, you could tell dependabot to ignore this specific dependency, ... |
|
here an example pull-request, where i declined the suggested update: Programmiermethoden-CampusMinden/student-support-code-template#1 you can see, dependabot wanted to change my sadly i have not found an example for updating gh-actions in |
|
@cagix Thanks for the hints. I'll take a look into it. |
|
you can fork https://github.com/dependabot/demo to try your config :) |
Painful. GitHub deprecates actions stuff constantly, so it's always necessary to adjust.
Probably a good future step is, to consolidate action usage by relying on well maintained ones.
The text was updated successfully, but these errors were encountered: