Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enable dependabot for java + GHA #73

Merged
merged 1 commit into from
Jun 11, 2024
Merged

enable dependabot for java + GHA #73

merged 1 commit into from
Jun 11, 2024

Conversation

rursprung
Copy link
Contributor

Description

this will enable dependabot updates, as it is also done for other OpenSearch projects.
while this project currently doesn't have any java dependencies it still makes sense to enable it here since this is a template repository and projects created based on it will usually have such dependencies in the future.

Issues Resolved

n/a

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@rursprung rursprung mentioned this pull request Jun 11, 2024
Merged
reta
reta reviewed Jun 11, 2024
View reviewed changes
.github/dependabot.yml Outdated Show resolved Hide resolved
reta
reta reviewed Jun 11, 2024
View reviewed changes
.github/dependabot.yml Outdated Show resolved Hide resolved
@reta
Copy link
Collaborator

reta commented Jun 11, 2024

Thanks @rursprung , daily is too aggressive I believe, for all OpenSearch projects we use weekly schedules

@rursprung
Copy link
Contributor Author

Thanks @rursprung , daily is too aggressive I believe, for all OpenSearch projects we use weekly schedules

ok, i'll change this.
but note that this doesn't mean that you get PRs daily. it just means that it checks it daily. dependencies usually don't have releases that often. and if it's security relevant it's quite nice if the PRs come fast rather than having to wait a week.

@rursprung
enable dependabot for java + GHA
1e27461 
this will enable dependabot updates, as it is also done for other
OpenSearch projects.
while this project currently doesn't have any java dependencies it still
makes sense to enable it here since this is a template repository and
projects created based on it will usually have such dependencies in the
future.

Signed-off-by: Ralph Ursprung <Ralph.Ursprung@avaloq.com>
@reta
Copy link
Collaborator

reta commented Jun 11, 2024

but note that this doesn't mean that you get PRs daily. it just means that it checks it daily.

Correct, checking once per week is definitely sufficient, thank you

@dblock dblock merged commit 25e8faf into opensearch-project:main Jun 11, 2024
8 checks passed
@rursprung rursprung deleted the enable-dependabot branch June 11, 2024 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reta reta reta approved these changes

@dblock dblock dblock approved these changes

@AmiStrn AmiStrn Awaiting requested review from AmiStrn AmiStrn is a code owner

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rursprung @reta @dblock