firejail/.github/dependabot.yml
Kelvin M. Klann 442032c574
ci: make dependabot updates monthly and bump PR limit (#6338)
It is currently only used for GitHub Actions.  The ones used in this
project rarely ever contain notable changes in their changelogs (in a
way that would cause a noticeable difference in our CI).

Also, there are weeks when most/all of the PR/commit activity is from
dependabot PRs being opened/merged.  For example, see the output of the
following command:

    git log --no-decorate --oneline 9a0db13e12..bef085035

So change the checks from weekly to monthly to reduce the noise.

Additionally, bump `open-pull-requests-limit` to 4, as it seems that we
only have 4 dependencies:

    $ git grep 'uses:' -- .github/ | sed -E 's/.*(uses: .*)@.*/\1/' |
      LC_ALL=C sort -u
    uses: actions/checkout
    uses: github/codeql-action/analyze
    uses: github/codeql-action/init
    uses: step-security/harden-runner

This should ensure that PRs can be opened against all of them when the
dependabot check is run.
2024-05-18 06:54:23 +00:00

7 lines
151 B
YAML

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"
    open-pull-requests-limit: 4
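
The check the commit message reasons about (the PR limit should cover every distinct action), written as a shell sketch. This is an added example, not part of the firejail repository. The function names are hypothetical, it uses `grep -r` instead of `git grep` so it also works outside a git checkout, and it assumes a single `updates` entry as in this file.

```shell
#!/bin/sh
# Added example: confirm that dependabot's open-pull-requests-limit is at
# least the number of distinct GitHub Actions referenced under .github/.

# Print the distinct "uses:" targets under DIR/.github, one per line, with
# the @ref stripped (same sed expression as in the commit message).
list_actions() {
    grep -rhE '^[[:space:]]*(-[[:space:]]*)?uses:' "$1/.github" 2>/dev/null |
        sed -E 's/.*(uses: .*)@.*/\1/' | LC_ALL=C sort -u
}

# Print open-pull-requests-limit from DIR/.github/dependabot.yml.
# Falls back to 5, dependabot's default for version updates, when unset.
pr_limit() {
    limit=$(sed -nE \
        's/^[[:space:]]*open-pull-requests-limit:[[:space:]]*([0-9]+).*/\1/p' \
        "$1/.github/dependabot.yml" 2>/dev/null | head -n 1)
    echo "${limit:-5}"
}

# Report both numbers; return 0 only when the limit covers every action,
# i.e. one PR can be open per dependency in the same dependabot run.
check_limit() {
    count=$(list_actions "$1" | wc -l | tr -d ' ')
    limit=$(pr_limit "$1")
    echo "distinct actions: $count, open-pull-requests-limit: $limit"
    [ "$limit" -ge "$count" ]
}
```

Source the file and run `check_limit .` from the repository root; a non-zero status means some update PRs would wait for a later run.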