* Add Dependabot documentation

* fix typos

* Update docs/internal-developers/automations/dependabot.md

Co-authored-by: Lucio Giannotta <lucio.giannotta@a8c.com>

Co-authored-by: Lucio Giannotta <lucio.giannotta@a8c.com>
Luigi Teschio 2022-09-15 15:54:47 +02:00 committed by GitHub
parent 84432552a8
commit d1e19fc61b
2 changed files with 29 additions and 0 deletions


@ -0,0 +1,19 @@
# Automatations
This directory contains documentation for all the automations configured in this repository.
| Document | Description |
| -------------------------------------- | ------------------------------------- |
| [Dependabot](dependabot.md) | This doc explains how Dependabot works. |
<!-- FEEDBACK -->
---
[We're hiring!](https://woocommerce.com/careers/) Come work with us!
🐞 Found a mistake, or have a suggestion? [Leave feedback about this document here.](https://github.com/woocommerce/woocommerce-blocks/issues/new?assignees=&labels=type%3A+documentation&template=--doc-feedback.md&title=Feedback%20on%20./docs/internal-developers/block-client-apis/README.md)
<!-- /FEEDBACK -->
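Review bot: The feedback link in the FEEDBACK footer carries `title=Feedback%20on%20./docs/internal-developers/block-client-apis/README.md`, which names a different README from the automations index added here, so issues filed from this page would be titled with the wrong document; point the title at this file's own path under `docs/internal-developers/automations/`. The heading also reads `# Automatations`; it should be `# Automations`, matching the sentence below it.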


@ -0,0 +1,10 @@
# Dependabot
This repository uses [`Dependabot`](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) to help with keeping all the package dependencies (NPM, Composer, GitHub Actions) up to date. Without this in place, it's very easy to let the package versions we're using go stale and end up with a backlog of chores for updating those in the future. It is essential to keep dependencies updated to avoid security problems and lower overall upgrade costs.
The process is automated: Dependabot creates a branch and a PR with a package bump in package.json. A new package-lock.json is created. Automated tests are executed. Also, Dependabot will create a maximum of 10 PRs for each ecosystem (NPM, Composer, GitHub Actions).
It is the responsibility of the porter to review these PRs weekly and merge/reject them.
Dependabot's configuration is located at [`.github/dependabot.yml` path](https://github.com/woocommerce/woocommerce-blocks/blob/trunk/.github/dependabot.yml).
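Review bot: The process paragraph describes only the npm case (`package.json` and a new `package-lock.json`), while the first paragraph and the 10-PR limit both list NPM, Composer and GitHub Actions; either generalise the wording to the manifest and lockfile of each ecosystem or say what the Composer and GitHub Actions PRs change. The review step says only that the porter should "merge/reject" the PRs weekly; since the stated purpose is avoiding security problems, add what the porter is expected to check before merging (for example that the automated tests passed and what the bumped package's release notes say) and link to where the porter role is defined. In the last line, the link text `.github/dependabot.yml path` would read better as "located at `.github/dependabot.yml`".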