Skip to content

Commit

Permalink
Use Dependabot to manage GitHub Actions (#387)
Browse files Browse the repository at this point in the history
The bot will open PRs to update versions of the Actions we use. Use
version numbers instead of commits to make this easier.



<!--
Thank you for contributing a pull request to Fatiando! 💖

👆🏽 ABOVE: Describe the changes proposed and WHY you made them.

👇🏽 BELOW: Link to any relevant issue or pull request.

Please ensure you have taken a look at the CONTRIBUTING.md file 
in this repository (if available) and the general guidelines at 
https://github.com/fatiando/community/blob/main/CONTRIBUTING.md
-->

**Relevant issues/PRs:**
<!--
Example: "Fixes #1234" / "See also #345" / "Relevant to #111"
Use keywords (e.g., Fixes, Closes) to create the links and automatically
close issues when this PR is merged. 
See https://github.com/blog/1506-closing-issues-via-pull-requests
-->
  • Loading branch information
leouieda authored Feb 16, 2024
1 parent 7e07dda commit 1f6ddfc
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 5 deletions.
12 changes: 12 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
4 changes: 2 additions & 2 deletions .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
# We pin the commit hash corresponding to v0.5.0, and not pinning the tag
# because we are giving full access through the github.token.
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@148d9a848c6acaf90a3ec30bc5062f646f8a4163
uses: styfle/cancel-workflow-action@0.12.1
with:
access_token: ${{ github.token }}

Expand Down Expand Up @@ -137,7 +137,7 @@ jobs:
path: doc/_build/html

- name: Checkout the gh-pages branch in a separate folder
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
uses: actions/checkout@v3
with:
ref: gh-pages
# Checkout to this folder instead of the current one
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/pypi.yml
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ jobs:
- name: Publish to Test PyPI
# Only publish to TestPyPI when a PR is merged (pushed to main)
if: success() && github.event_name == 'push'
uses: pypa/gh-action-pypi-publish@bce3b74dbf8cc32833ffba9d15f83425c1a736e0
uses: pypa/gh-action-pypi-publish@v1.8.11
with:
user: __token__
password: ${{ secrets.TEST_PYPI_TOKEN}}
Expand All @@ -122,7 +122,7 @@ jobs:
- name: Publish to PyPI
# Only publish to PyPI when a release triggers the build
if: success() && github.event_name == 'release'
uses: pypa/gh-action-pypi-publish@bce3b74dbf8cc32833ffba9d15f83425c1a736e0
uses: pypa/gh-action-pypi-publish@v1.8.11
with:
user: __token__
password: ${{ secrets.PYPI_TOKEN}}
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ jobs:
# We pin the commit hash corresponding to v0.5.0, and not pinning the tag
# because we are giving full access through the github.token.
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@148d9a848c6acaf90a3ec30bc5062f646f8a4163
uses: styfle/cancel-workflow-action@0.12.1
with:
access_token: ${{ github.token }}

Expand Down

0 comments on commit 1f6ddfc

Please sign in to comment.