damccorm commented on PR #12: URL: https://github.com/apache/beam-starter-python/pull/12#issuecomment-1302567341
I don't have much to add beyond the conversation above - there's not really an established best practice here, other than maybe merging the changes to your fork and validating things are working there before merging upstream (which is highly manual). I wouldn't mind trying the validate-dependabot action; its not huge, but it does at least have 30 users - https://github.com/marocchino/validate-dependabot/network/dependents - and its easy to disable if things go badly. Another alternative is yaml linting - https://github.com/ibiqlik/action-yamllint - which would've caught this but won't catch everything. Neither of those options actually test that you've specified your desired behavior, just that your syntax is valid. Overall, though, my recommendation would probably just be to do nothing. The cost of messing up one of these configs is pretty low since you'll still get a failure notification on the next dependabot run, and uptime isn't super important. I expect its unlikely we'd get enough value to justify another dependency. Maybe dependabot will expose their schema eventually (I think Actions is considering that option based on some conversations I had at All Things Open); at that point it might be more worthwhile. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
