-
Notifications
You must be signed in to change notification settings - Fork 696
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add dependabot: add Actions CI updates merge requests automation #7809
add dependabot: add Actions CI updates merge requests automation #7809
Conversation
Dependabot would send merge requests [like these](haskell-nix/hnix-store#169)
@Anton-Latukha: hi! Do you think using https://github.com/haskell/actions would aid us in solving #7798? Is that preferable to ghcup or does it complement it? |
They are complementary, for example it uses chocolatey for win and ghcup for the rest automatically so you dont have to worry about. When the action will switch to use ghcup for all os's it will be transparent for us. |
Great, let's use it. Whom does the dependabot send info to? Is it via email? |
I think security info about deprecated actions will be here: https://github.com/haskell/cabal/security/dependabot. I have received emails about those alerts for being watching the repo (or be a maintainer? not sure) And it will open auto pr's to update dependencies |
our workflow files are generated, so prs would be useless (but issues wouldn't) |
Ok. Haskell-CI is both blessing & a curse. I am "on the way" & think contributing some GitHub automation into it (I want to merge there HLint automation). But first I need to arrange stuff for that in
I do not have access to
The solution to the question of #7798 - is to make I'm thinking about helping in Because Cabal CI as said - is autogenerated - yes - do not see a reason to keep PR around, if only to use dependabot PRs as notifications. |
Looked into CI. Thought through the situation from different angles. The situation is obviously complex. I can not recommend anything. Especially because almost nothing in workflows can be done, deshotgun-surgered or shelled-out to understand how to simplify it, because they are autogenerated from GenValidate.hs. & that is made by It obviously a mess - because the installation was a mess before standardization work for & I do not know what In time I currently can only work on the fringes here and there taking responsibilities to ease the situation (like maybe helping-out in |
@Anton-Latukha the CI has been rehauled in #7952. Do you think we could reconsider this analysis? |
Dependabot would weekly check updates for project's .github/workflows/workflow.yml & send information & patch updates (like these).
PR to CI configuration run CI with changes applied, which is a self-test.