Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce Dependabot for Docker and GitHub Actions #113

Merged
merged 1 commit into from
Aug 17, 2022

Conversation

programmer04
Copy link
Contributor

As mentioned in #111 (comment) introduce automated updates for base images in Dockerfile and GitHub Actions used in CI. It will check for updates every day and create PRs automatically for us - keeping them up to date should allow avoiding most security vulnerabilities

@Dentrax
Copy link

Dentrax commented Aug 16, 2022

I think setting interval to weekly would much efficient since we get less spammed by dependabot notifications.

@programmer04
Copy link
Contributor Author

My reasoning was that in Dockerfile only FROM alpine:3.16.0 will be tracked and Alpine is not releasing so often
image

GitHub Actions in files test-pr-buildx.yml and release-buildx.yml are pinned only by major versions so they shouldn't change so often too.

Hence by checking it every day, mostly it won't update anything. But when new versions come up, PRs will be created almost immediately (max one day delay).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants