Commit graph

4 commits

Author SHA1 Message Date
Joshua Lock
4f30d0ce96 Have dependabot also monitor actions
Have dependabot monitor our GitHub Actions for updates too

Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-09-08 10:56:16 +01:00
Joshua Lock
16bd3c2358 Remove Python 2.7 from GitHub CI configuration
- Drop Python 2.7 from GitHub Actions workflows. Note: There is likely
  additional cleanup that can be done to the workflow now we no longer
  care about supporting Python 2.7.
- No longer tell dependabot to ignore idna updates.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-03-03 09:37:21 +00:00
Lukas Puehringer
cb164ec1f7 Configure dependabot to ignore 'idna'
New releases of the transitive (via 'requests') dependency 'idna'
break Python 2.7 builds. To fix this we configure dependabot to not
bump 'idna' in requirements-pinned.txt, which lists and
auto-updates all immediate and transitive dependencies for CI/CD
testing.

An alternative would be to add and restrict 'idna' in
'requirements.txt' but this is less preferable because
'requirements.txt' should only have direct dependencies.

For consulted dependabot config docs see:
https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/enabling-and-disabling-version-updates#disabling-dependabot-version-updates

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2021-01-12 13:47:36 +01:00
dependabot-preview[bot]
e364e7f582
Create Dependabot config file 2021-01-11 16:33:11 +00:00