Fully Automated Dependency Upgrades with Dependabot and GitHub Actions

Continuous Integration Code Collaboration DevOps Tools

GitHub Actions Landing Page
1

GitHub Actions

Automate your workflow from idea to production
Pricing:
- Open Source
For me, automating the management of issue labels on GitHub was a small but important step to achieve consistency across my repositories. Many different tools exist to either sync or create labels, and after evaluating a few my choice fell on Label Syncer. Most importantly, its fully configured in code and as a GitHub Action part of the repository it manages.

#DevOps Tools #Continuous Integration #Continuous Deployment 275 social mentions
GitHub Landing Page
2

GitHub

Originally founded as a project to simplify sharing code, GitHub has grown into an application used by over a million people to store over two million code repositories, making GitHub the largest code host in the world.
Pricing:
- Open Source
Lastly, template repositories are another feature of GitHub that you might want to explore if you are interested in consistency across new projects. Adding the configuration from this article to a template repository ensures that every new project created from the template automatically has the right labels and auto-upgrades configured.

#Code Collaboration #Git #Version Control 2041 social mentions
Dependabot Landing Page

3

Dependabot

Automated dependency updates for your Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm.

Probot-auto-merge can be customized quite heavily, but the above is the minimal configuration that is required to automatically merge Dependabot's pull requests. It instructs probot-auto-merge to merge any pull request with the label PR-merge, and report the status of its runs as a check on the pull request. The latter is not required, but very helpful to understand and debug the configuration.

#DevSecOps #Software Development #Continuous Integration 13 social mentions