Update the Dependabot docs (#192)
* Document dependabot.
* Don't forget about github-actions
NigelBreslaw authored Jan 20, 2024
1 parent de5727d commit 681b737
Showing 1 changed file with 15 additions and 0 deletions.
Expand Up @@ -19,6 +19,21 @@ import FileTree from '../../../components/file-tree.astro';
The 'main.yml' github action is triggered on every push to the repo. It builds the project and conditionally
runs the related Sonarqube scans depending on if any files have changed. See more here for how that works [Source helper](https://how.wtf/run-workflow-step-or-job-based-on-file-changes-github-actions.html).

### Dependabot

Dependabot runs every workday in the morning. It checks for any dependency updates and creates a PR if it finds any. It also checks for any security vulnerabilities and creates a PR if it finds any.

Updates are then manually reviewed and merged in the following order:

1. Security updates (Any change to Dependabot or CodeQL github-actions counts as a security update).
2. Breaking updates.
3. Non-breaking 'github-actions' updates.
4. Non-breaking 'dependency' updates.
5. Non-breaking 'devDependency' updates.

If after merging a PR a Dependabot PR has a conflict, Dependabot will automatically update the PR with the latest changes and rebase it. This can take a few minutes.
To see the progress of these updates they can be found [here](https://github.com/NigelBreslaw/guardian-ghost/network/updates).


### CI secrets
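
Review bot: The merge-order list (items 1 to 5) never says how a reviewer decides that an update is "breaking", nor why breaking updates are merged ahead of the non-breaking ones, so two maintainers could apply the order differently. A sentence defining the criterion and the reason for the order would make it reproducible. In the opening paragraph, "every workday in the morning" has no time zone, and the two "creates a PR if it finds any" sentences could be merged into one that distinguishes version updates from security updates. In the last added paragraph, "here" as link text hides the destination; something like "the repository's Dependabot update log" reads better. The hunk also leaves two blank lines before "### CI secrets" where the rest of the file uses one.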

