Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update GHA dependencies via dependabot #813

Merged
merged 1 commit into from
Sep 18, 2024
Merged

Update GHA dependencies via dependabot #813

merged 1 commit into from
Sep 18, 2024

Conversation

yhabteab
Copy link
Member

Dependabot supports to automatically refresh GitHub actions as well, so we should use it to avoid such errors:
https://github.com/Icinga/icingadb/actions/runs/10903916830/job/30259089610

@cla-bot cla-bot bot added the cla/signed label Sep 18, 2024
@yhabteab yhabteab self-assigned this Sep 18, 2024
@yhabteab yhabteab requested review from oxzi and Al2Klimov September 18, 2024 09:56
Al2Klimov
Al2Klimov previously approved these changes Sep 18, 2024
View reviewed changes
lippserd
lippserd reviewed Sep 18, 2024
View reviewed changes
.github/dependabot.yml Outdated
directory: /
schedule:
interval: daily
open-pull-requests-limit: 10
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the PR limit? (I know it was already there still I'm wondering why it's necessary).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess to limit the PRs it can create at a time, but I can also remove it, I just wanted it to be identical to the other config.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By default, Dependabot opens a maximum of five pull requests for version updates.

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then 5 PRs a day is more than enough for the GitHub Actions, I would say.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

5 PRs a day

This is not a rate limit:

Once there are five open pull requests from Dependabot, Dependabot will not open any new requests until some of those open requests are merged or closed.

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevertheless, the default limit is more than enough for the GA.

@yhabteab
Copy link
Member Author

You have to force merge this PR though, so that it can start upgrading the dependencies from within the main branch.

@lippserd lippserd merged commit 6c24717 into main Sep 18, 2024
31 of 33 checks passed
@lippserd lippserd deleted the gha-dependabot-fix branch September 18, 2024 10:42
@lippserd lippserd mentioned this pull request Oct 2, 2024
Closed
@oxzi oxzi added this to the 1.2.1 milestone Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Al2Klimov Al2Klimov Al2Klimov approved these changes

@oxzi oxzi Awaiting requested review from oxzi

@lippserd lippserd Awaiting requested review from lippserd

Assignees

@yhabteab yhabteab

Labels
cla/signed
Projects
None yet
Milestone
1.2.1
Development

Successfully merging this pull request may close these issues.
4 participants
@yhabteab @lippserd @Al2Klimov @oxzi