afs opened a new issue, #2928: URL: https://github.com/apache/jena/issues/2928
Run a workflow when dependabot submits pull requests. This would _not_ merge the changes. This workflow would only be for dependabot dependency updates, not all PRs. Dependency updates don't add new files so there isn't going to be license header issues on new files which do arise in fetaure PRs. If we are running automated checking, we could also grouping minor and patches because if an automated test throws up a problem, it is going to have to be manually sorted out; if it test passes then it is the combined set of changes. The way to get it to be "dependabot" only is to use `if: github.actor == 'dependabot[bot]'. (Do not trust the AIs! - some get it wrong by trying to trigger on the branch name but that is the target of the PR, not the source.) One downside is that it floods the actions log. The workflow runs on every pull request and then skips jobs, leaving a entry in the actions history. (If it triggered on the source branch name, it would not run and no log entry.) We currently have a [workflow ui.yaml](https://github.com/apache/jena/blob/main/.github/workflows/ui.yml). It does a partial build. If we conclude that the new dependency workflow works for the project, we could move some or all of the UI flow into one combined run. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
