-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add check to look for updates to Github actions being used #9251
Conversation
If you are still interested in this PR, can you please merge and resolve any merge conflicts with the latest from develop? If so, we can prioritize reviewing and QAing the changes. If we don’t hear from you by May 22, 2024, we’ll go ahead and close this PR (it can always be reopened after that date, if there is still interest). |
7f6a4c1
to
6d0adf5
Compare
Rebased onto |
This is the same as #10917 except for the check interval. |
Oops! I closed my duplicate PR. I do think that checking for updated Actions every day is more often than necessary. It's a gut feeling though. This can be marked to close #10916. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I reviewed https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot and this PR is still up-to-date with the recommendations there.
The only difference is that this PR says "daily" instead of "weekly". @bencomp indicated daily might be to often but I'm ok with trying it. We can always change it later.
As with other PRs that affect GitHub Actions this is probably another example where we just merge it and see if we're happy with the result. That is, we can revert if necessary.
Approved!
Merging PR |
What this PR does / why we need it:
This adds a file that will automatically check daily the various Github Actions used to see if there are updates to the actions themselves.
Will be no-op on docs and codebase.
Which issue(s) this PR closes: None
Special notes for your reviewer:
Suggestions on how to test this:
Does this PR introduce a user interface change? If mockups are available, please link/include them here:
Is there a release notes update needed for this change?:
Additional documentation: