mirror of
https://github.com/gradle/gradle-build-action.git
synced 2024-11-22 00:52:50 +00:00
Document the process to merge Dependabot upgrades
This commit is contained in:
parent
d92395703c
commit
8545e5aed7
1 changed files with 14 additions and 0 deletions
14
CONTRIBUTING.md
Normal file
14
CONTRIBUTING.md
Normal file
|
@ -0,0 +1,14 @@
|
|||
### How to merge a Dependabot PR
|
||||
|
||||
The "distribution" for a GitHub Action is checked into the repository itself.
|
||||
In the case of the `gradle-build-action`, the transpiled sources are committed to the `dist` directory.
|
||||
Any production dependencies are inlined into the distribution.
|
||||
So if a Dependabot PR updates a production dependency (or a dev dependency that changes the distribution, like the Typescript compiler),
|
||||
then a manual step is required to rebuild the dist and commit.
|
||||
|
||||
The simplest process to follow is:
|
||||
1. Checkout the dependabot branch locally eg: `git checkout dependabot/npm_and_yarn/actions/github-5.1.0`
|
||||
2. Run `npm install` to download and the new dependencies and install locally
|
||||
3. Run `npm run build` to regenerate the distribution
|
||||
4. Push the changes to the dependabot branch
|
||||
5. If/when the checks pass, you can merge the dependabot PR
|
Loading…
Reference in a new issue