gradle/gradle-build-action
1
0
Fork 0
mirror of https://github.com/gradle/gradle-build-action.git synced 2024-11-21 16:42:49 +00:00
Code Issues Projects Releases Packages Wiki Activity

Document the process to merge Dependabot upgrades

Browse source
This commit is contained in:
Daz DeBoer 2022-09-27 07:53:44 -06:00 committed by GitHub
parent d92395703c
commit 8545e5aed7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,14 @@
### How to merge a Dependabot PR
The "distribution" for a GitHub Action is checked into the repository itself.
In the case of the `gradle-build-action`, the transpiled sources are committed to the `dist` directory.
Any production dependencies are inlined into the distribution.
So if a Dependabot PR updates a production dependency (or a dev dependency that changes the distribution, like the Typescript compiler),
then a manual step is required to rebuild the dist and commit.
The simplest process to follow is:
1. Checkout the dependabot branch locally eg: `git checkout dependabot/npm_and_yarn/actions/github-5.1.0`
2. Run `npm install` to download and the new dependencies and install locally
3. Run `npm run build` to regenerate the distribution
4. Push the changes to the dependabot branch
5. If/when the checks pass, you can merge the dependabot PR