Jonas Brømsø

Releases 0.12.0, 0.13.0 and 0.14.0 of Spellcheck (GitHub) Action - the work of dependabot

The Spellcheck (GitHub) Action has seen several releases where I have not made any announcements, so to bring you up to speed I will provide a small update.

Since 0.11.0, the last announced update, 0.12.0, 0.13.0 and 0.14.0 have been released. The latest release was made today.

All of these releases have been based on updates to the base image used for the Docker image implementation.

  • 0.14.0 2021-05-13 maintenance release, update not required
      • Docker image updated to Python 3.9.5 slim via PR #48 from dependabot

  • 0.13.0 2021-04-14 maintenance release, update not required
      • Docker image updated to Python 3.9.4 slim via PR #41 from dependabot

  • 0.12.0 2021-02-22 maintenance release, update not required
      • Docker image updated to Python 3.9.2 slim via PR #38 from dependabot

All were based on PRs from dependabot. So I will take this opportunity to write about dependabot.

I use dependabot for 3 things in this project.

  • To keep my Python in order
  • To keep my Docker in order
  • To keep my GitHub Actions in order

The dependabot configuration file dependabot.yml is placed in .github/

# Basic dependabot.yml file

version: 2
updates:
  # Enable version updates for pip (Python)
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    # Only allow updates to the lockfile for pip and
    # ignore any version updates that affect the manifest
    versioning-strategy: lockfile-only

  # Enable version updates for Docker
  - package-ecosystem: "docker"
    # Look for a `Dockerfile` in the `root` directory
    directory: "/"
    # Check for updates once a week
    schedule:
      interval: "weekly"

  # Enable version updates for Actions
  - package-ecosystem: "github-actions"
    # Look for `.github/workflows` in the `root` directory
    directory: "/"
    # Check for updates once a week
    schedule:
      interval: "weekly"

The first one looks at my requirements.txt, which specifies my Python dependencies. Any updates to the lockfile and I receive a PR from dependabot.

The second one looks at my Dockerfile and if there are any recommended updates to it, I receive a PR from dependabot.

In addition to dependabot this repository uses the following GitHub Actions:

name: Spellcheck Action
on: push

jobs:
  build:
    name: Spellcheck
    runs-on: ubuntu-latest
    steps:
    # The checkout step
    - uses: actions/checkout@master
    - uses: rojopolis/spellcheck-github-actions@0.13.0
      name: Spellcheck
      with:
        source_files: README.md CHANGELOG.md
        task_name: Markdown

And here is the funny part. When I do a new release I test it with the last release, so at some point dependabot will open a PR so I can update the version of the spellcheck action used.

So the uses:

- uses: rojopolis/spellcheck-github-actions@0.13.0

Will be replaced with a:

- uses: rojopolis/spellcheck-github-actions@0.14.0

And so on.
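
An added example, not part of the original post or the project's code: a small Python audit that lists every `uses:` reference in a workflow and labels how it is pinned (version tag, full commit SHA, or a mutable ref such as a branch), so you can see which entries carry a version number for an update PR like the one above to bump. The function names and the three labels are assumptions made for this illustration; the sample input is the workflow shown in the post.

```python
import re

# Constructed sample: the workflow from the post, embedded so this runs offline.
WORKFLOW = """\
name: Spellcheck Action
on: push

jobs:
  build:
    name: Spellcheck
    runs-on: ubuntu-latest
    steps:
    # The checkout step
    - uses: actions/checkout@master
    - uses: rojopolis/spellcheck-github-actions@0.13.0
      name: Spellcheck
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
VERSION_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")  # 0.13.0, v2, v2.3
SHA_RE = re.compile(r"^[0-9a-f]{40}$")           # full commit SHA

def classify_ref(ref):
    """Return 'sha', 'version' or 'mutable' (hypothetical labels) for a ref."""
    if SHA_RE.match(ref):
        return "sha"
    if VERSION_RE.match(ref):
        return "version"
    return "mutable"  # branch name or any other non-version ref

def audit_workflow(text):
    """Return (line_number, action, ref, kind) for each remote `uses:` entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        # Local actions (./path) and docker:// images have no repo@ref pair.
        if target.startswith(("./", "docker://")) or "@" not in target:
            continue
        action, ref = target.rsplit("@", 1)
        findings.append((number, action, ref, classify_ref(ref)))
    return findings

if __name__ == "__main__":
    for number, action, ref, kind in audit_workflow(WORKFLOW):
        print(f"line {number}: {action}@{ref} -> {kind}")
```

On the workflow from the post this reports `actions/checkout@master` as a mutable ref and the spellcheck action as version-pinned.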

dependabot is truly awesome, so I have added a tip on using it to the spellcheck action documentation.

Do yourself a favor and read up on keeping your actions up to date and secure with dependabot, it makes maintenance a lot easier.

For the project itself I have received some PRs, which I am currently reviewing and evaluating for possible inclusion in the code base - more announcements will follow in the future.
