Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make update-script.rb generic. #712

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

simi
Copy link

@simi simi commented Dec 2, 2021

Should I update README as well?

@simi simi force-pushed the dependency-name branch 5 times, most recently from e87f5e0 to 0b0859e Compare December 6, 2021 00:46
@jeffwidman
Copy link
Member

jeffwidman commented May 24, 2022

Thanks for submitting! And sorry for the radio silence here. I joined the team recently and trying to catch up on older PRs.

My thoughts on this are similar to what I wrote over in #632 (comment).

Basically anything that dependabot.yml is likely to configure, we probably don't want to support via env vars.

So I think that leaves the access token and the project path. Project path has some complexity around it, since there are multiple deploy targets for this script... so let's punt on that for now and limit the scope of this PR to just the access token.

@@ -19,19 +19,19 @@
"type" => "git_source",
"host" => "github.com",
"username" => "x-access-token",
"password" => "a-github-access-token"
"password" => ENV["GITHUB_ACCESS_TOKEN"] # A GitHub access token with read access to public repos
Copy link
Member

@jeffwidman jeffwidman May 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to rename this to something more generic than GITHUB_ACCESS_TOKEN since this is really the "repo that you want to update"... and we've got users of this script running it on gitlab, azure devops, bitbucket, etc.

But not quite sure what's best... calling it "source" vs "target" doesn't clarify that this is the repo that's getting updated by Dependabot...

Thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants