-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update all actions and use dependabot #416
base: main
Are you sure you want to change the base?
Conversation
.github/workflows/codecov.yml
Outdated
@@ -14,7 +14,7 @@ jobs: | |||
# cov is broken upstream, see https://github.com/rust-lang/rust/issues/79645, fix in https://github.com/rust-lang/rust/issues/93054 | |||
if: "false" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we enable it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's try
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose we need to add a CODECOV_TOKEN
and add it to the twitch-rs
org like described here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added the secret, just need to add the env to the workflow step
Have you checked renovate as well, it's more configurable I feel. Example: https://github.com/rustic-rs/rustic/blob/main/.github%2Frenovate.json |
For coverage: haven't looked into the current CI, but here is a workflow using cargo tarpaulin: https://github.com/pace-rs/pace/blob/main/.github%2Fworkflows%2Fcoverage.yaml |
we actually have renovate enabled :D, it doesn't work very well. Maybe there's a way to fix it? Which reminds me, should probably disable it if we switch to dependabot. |
On mobile, so not really able to look into it. But can check later, if there is a way to fix it. |
Not super familiar with renovate, but we could try to find a good config. I've only used dependabot because we use it in Chatterino and it works there. For rust, it's not ideal, as it only updates the dependencies you have in |
Seems like it's disabled for everything: https://github.com/twitch-rs/.github/blob/552dc354c76953dcb866e747613a501d1af28aa5/renovate-config.json#L33-L41 (if I read that correctly). |
I should've documented why. It doesn't use cargo semver. so it thinks that The reason I say it doesn't work is because it doesn't handle submodules like I wanted it to, it should update the lockfile when bumping submodules, but that doesn't seem to work. |
Notably, this updates
@actions/checkout
from v3 to v4, as it used Node 16 which isn't maintained anymore (notice the warnings at the bottom). Only@actionsx/prettier
isn't updated to Node 20 yet (actionsx/prettier#119).Additionally, I've added Dependabot for GH-Actions to help with keeping them up-to-date.
I noticed, that
lcov
now works, socodecov.yml
might work again (with some adjustments as bors isn't used anymore).