gradle-build-action/CONTRIBUTING.md at 579b14502b0fb98d64e884cc3db0f085989d5779

gradle/gradle-build-action

Fork 0

mirror of https://github.com/gradle/gradle-build-action.git synced 2024-10-06 11:46:48 +00:00

Daz DeBoer 8545e5aed7

Document the process to merge Dependabot upgrades

2022-09-27 07:53:44 -06:00

862 B

Raw Blame History

How to merge a Dependabot PR

The "distribution" for a GitHub Action is checked into the repository itself. In the case of the gradle-build-action, the transpiled sources are committed to the dist directory. Any production dependencies are inlined into the distribution. So if a Dependabot PR updates a production dependency (or a dev dependency that changes the distribution, like the Typescript compiler), then a manual step is required to rebuild the dist and commit.

The simplest process to follow is:

Checkout the dependabot branch locally eg: git checkout dependabot/npm_and_yarn/actions/github-5.1.0
Run npm install to download and the new dependencies and install locally
Run npm run build to regenerate the distribution
Push the changes to the dependabot branch
If/when the checks pass, you can merge the dependabot PR

862 B Raw Blame History

How to merge a Dependabot PR

862 B

Raw Blame History