Create dependabot.yaml (fixes #2195) #2196
Conversation
|
@vorburger do we know if this works before merging the PR? We have a centralised place to keep the dependency info: https://github.com/google/android-fhir/blob/master/buildSrc/src/main/kotlin/Dependencies.kt in the |
No, not easily, unfortunately. My recommendation is to just merge this as-is; we could always
Yes, I expect it will; note how, since #2208 for #2194, https://github.com/google/android-fhir/network/dependencies now shows this project's dependencies; my expectation is that when this PR gets merged, Dependabot will start proposing upgrades. In order to easily see which upgrades proposed by Dependabot "work" , perhaps you would like to merge #2203 to fix #2197 before this? |
Actually... I see what you mean; I'm not sure if Dependabot is smart enough to propose a correct PR, for this project as-is. We may have to do some manual work. Let's try and see? If it doesn't work, perhaps we could rework |
There was a problem hiding this comment.
happy for you to merge this but have you seen this: https://medium.com/@vladyslav.hontar/dependabot-in-action-d9b56b2be86c?
i commented in the issue too
Fixes #2195
Description
This (should) enable https://github.com/dependabot, see https://docs.github.com/en/code-security/dependabot.
Alternative(s) considered
Yes, always! 😺 I am aware of other such tools, but this is the best one, because it's from GitHub themselves, and thus most natively integrated. It also work great on many other open source projects where I have enabled it! 😃
Type
Choose one:
Bug fix | Feature | Documentation | Testing |Code health | Builds | Releases | SecurityScreenshots (if applicable)
The expected result would be to start seeing automagical Pull Requests such as these (from another repo) on this repo.