Skip to content

Update actions dependencies and enable dependabot #321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
llucax merged 3 commits into from
Jul 7, 2025
Merged

Update actions dependencies and enable dependabot #321

llucax merged 3 commits into from
Jul 7, 2025

Conversation

@llucax
Copy link
Member

@llucax llucax commented Jul 7, 2025

  • Update deprecated actions in CI workflow
  • Add dependabot configuration to update GitHub Actions

@llucax llucax self-assigned this Jul 7, 2025
@llucax llucax added this to the Next milestone Jul 7, 2025
@llucax llucax requested a review from Copilot July 7, 2025 09:53
Copilot AI reviewed Jul 7, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates deprecated GitHub Actions in the CI workflow by pinning them to specific revisions and introduces a Dependabot configuration to keep actions up to date.

  • Pin actions/checkout and actions/upload-artifact to explicit SHAs with version annotations
  • Add .github/dependabot.yml to automate GitHub Actions dependency updates

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
.github/workflows/ci.yml Updated uses references for checkout and upload-artifact steps
.github/dependabot.yml Added Dependabot config for github-actions ecosystem
Comments suppressed due to low confidence (2)

.github/workflows/ci.yml:8

  • Pinning to a long commit SHA can hinder readability and future updates; consider using the official version tag (e.g., actions/checkout@v4) for clarity and maintainability.
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

.github/dependabot.yml:6

  • [nitpick] A semiannual update interval may delay critical fixes; consider a more frequent schedule (e.g., monthly or weekly) to keep dependencies current.
      interval: "semiannually"

llucax added 3 commits July 7, 2025 12:05
@llucax
Update deprecated actions in CI workflow
624b23e 
Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
@llucax
Add dependabot configuration to update GitHub Actions
c21a40c 
Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
@llucax
Install docutils from pip instead of apt
8c63da3 
Docutils was removed from Ubuntu.

Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
@llucax llucax requested a review from ibuclaw July 7, 2025 10:05
@llucax
Copy link
Member Author

llucax commented Jul 7, 2025

Fixed the typo as suggested by copilot, needs a new approval @ibuclaw 🙏

@llucax llucax enabled auto-merge July 7, 2025 10:06
@llucax llucax merged commit be69851 into sociomantic-tsunami:v2.x.x Jul 7, 2025
1 check passed
@llucax llucax deleted the actions-deps branch July 7, 2025 10:06
@llucax llucax added the type-bug label Jul 7, 2025
@llucax
Copy link
Member Author

llucax commented Jul 7, 2025

Or maybe it didn't...

@ibuclaw
Copy link
Contributor

ibuclaw commented Jul 7, 2025

🤷 It's the thought that counts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ibuclaw ibuclaw Awaiting requested review from ibuclaw

Assignees

@llucax llucax

Labels

type-bug

Projects

None yet

Milestone

Next

Development

Successfully merging this pull request may close these issues.

2 participants

@llucax @ibuclaw