By putting in the .github/dependabot.yml dependabot gets triggered.
tick. No INFRA needed.
It has a built-in limit so as not to flood the "pulls" (the limit is
5-ish). Doc says 5, there are 6.
PRs happen on clones of Jena.
Hmm. Unexpected.
Andy
On 11/11/2020 14:50, Andy Seaborne wrote:
I'll give it a go.
The documentation says it just needs write permission to the repo - not
a "settings" thing.
Merged - waiting for the first run ...
On 10/11/2020 19:19, [email protected] wrote:
+1
If it's not useful we can turn it off.
Adam
On Tue, Nov 10, 2020, 12:28 PM Andy Seaborne <[email protected]> wrote:
I'd like to add dependabot to the git repo to tell us about dependencies
updates.
dependabot sends PRs to the project, including gathering documentation
and explanation if available so we get to review the proposed changes.
I've a very simple setup on another project:
https://github.com/afs/rdf-delta/blob/main/.github/dependabot.yml
The github documentation:
https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/keeping-your-dependencies-updated-automatically
The first time it runs we will likely get quite a few updates because we
have quite a few dependencies.
We don't have to acceet the recommendations!
Andy
