Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep GitHub actions dependencies up to date #18

Closed
13 tasks done
johnboyes opened this issue Aug 1, 2020 · 6 comments
Closed
13 tasks done

Keep GitHub actions dependencies up to date #18

johnboyes opened this issue Aug 1, 2020 · 6 comments

Comments

@johnboyes
Copy link
Contributor

johnboyes commented Aug 1, 2020
edited
Loading

Dependencies to keep up to date:

  • default Hoverfly version in the action.yml
  • example Hoverfly version in the README
  • shellcheck version in the devcontainer Dockerfile
  • other dependencies in the devcontainer Dockerfile
  • all the versions in my actions (in the .github/workflows dir)
  • the go version in github_tag_and_release.yml
  • the (latest) hoverfly version in the tests.yml
  • the version of Ubuntu in the GitHub Actions
  • the Docker image in the FROM command
@johnboyes
Copy link
Contributor Author

johnboyes commented Aug 1, 2020
edited
Loading

Having looked into it Dependabot is the way to go:

@johnboyes
Copy link
Contributor Author

johnboyes commented Aug 10, 2020
edited
Loading

There is also depup, which could be worth looking into if Dependabot doesn't do everything for us out of the box.

@johnboyes
Copy link
Contributor Author

Dependabot doesn't yet update references to Docker Containers in GitHub Actions, which is why the Label Checker version isn't being updated.

Dependabot will update references in a workflow file that look like uses: actions/setup-node@v1.0.0. In future it will also update references to Docker containers.

@johnboyes
Copy link
Contributor Author

johnboyes commented Aug 13, 2020
edited
Loading

Have pinned the linux dependencies in the devcontainer Dockerfile, but there is no mechanism in place to automatically update them at this moment. Looks like it's on Dependabot's roadmap, so I've created a recurring reminder every 6 months to see if Dependabot offer it.

@johnboyes
Copy link
Contributor Author

johnboyes commented Aug 13, 2020
edited
Loading

Ubuntu releases every year in April. In 2020 the GitHub Actions team offered the latest version by mid June, so I have created an annual reminder for 1st July each year to see if we can upgrade. Will involve e.g. for 2021, simply replacing ubuntu-20.04 with ubuntu-21.04 in every repo I have that uses GitHub Actions

@johnboyes
Copy link
Contributor Author

Did all of this incrementally in a number of PRs, final one was #50

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@johnboyes