Add dependabot configuration for GitHub Actions and NuGet updates + Markdown lint action fix #10
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
riosengineer
changed the title
Owner
|
Hey @riosengineer - thanks for the pull request. Your a legend. Sharing is caring! |
Contributor
Author
|
You're about to get some dependabot spam but then it will chillout after the initial wave of updates @Gijsreyn 😆 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
<3 Dependabot! It's been great for my project, what do you think? @Gijsreyn
It will update actions & nuget updates automatically via PR, resolve conflicts and run weekly. Saves you having to manually do this.
Edit: Fixed (I believe) the markdown lint action. Tested in my repo by adding some changes to the YAML + a dispatch workflow so I could run it manually and it seemed happy - run here:
I amended it from
pull_request_targettopull_requestfor a few reasons - if you agree:pull_requestworkflows run in the fork/PR context, so actions/checkout@v4 automatically fetches the PR’s head commit even if it lives only in the contributor’s fork.With pull_request_target, checkout defaulted to the base repo, couldn’t see the fork SHA, and tj-actions/changed-files threw a “similar hash” error.
Safer permissions:
pull_requestalso runs with the least-privilege token and no base-repo write access, keeping this lint job secure while still firing on both push and PR events.