The Spellcheck (GitHub) Action has seen several releases where I have not made any announcements, so to bring you up to speed I will provide a small update.
Since 0.11.0, the last announced update. 0.12.0, 0.13.0 and 0.14.0, has been released. The latest release made today.
All of these release has been based on updates to the base image use for the Docker image implementation.
- 0.14.0 2021-05-13 maintenance release, update not required
Docker image updated to Python 3.9.5 slim via PR #48 from dependabot
0.13.0 2021-04-14 maintenance release, update not required
Docker image updated to Python 3.9.4 slim via PR #41 from dependabot
0.12.0 2021-02-22 maintenance release, update not required
Docker image updated to Python 3.9.2 slim via PR #38 from dependabot
All where based on PRs from dependabot. So I will take this opportunity to write about dependabot.
I use dependabot for 3 things in this project.
- To keep my Python in order
- To keep my Docker in order
- To keep my GitHub Actions in order
The dependabot configuration file
dependabot.yml is placed in
# Basic dependabot.yml file version: 2 updates: # Enable version updates for pip (Python) - package-ecosystem: "pip" directory: "/" schedule: interval: "weekly" # Only allow updates to the lockfile for pip and # ignore any version updates that affect the manifest versioning-strategy: lockfile-only # Enable version updates for Docker - package-ecosystem: "docker" # Look for a `Dockerfile` in the `root` directory directory: "/" # Check for updates once a week schedule: interval: "weekly" # Enable version updates for Actions - package-ecosystem: "github-actions" # Look for `.github/workflows` in the `root` directory directory: "/" # Check for updates once a week schedule: interval: "weekly"
The first one looks at my
requirements.txt, which specifies my Python dependencies. Any updates to the locakfile and I receive a PR from dependabot.
The second one looks at my
Dockerfile and if there are any recommended updates to it, I receive a PR from dependabot.
In addition to dependabot this repository uses the following GitHub Actions:
- Markdownlint Action
- And secondly this action (checking the spelling)
name: Spellcheck Action on: push jobs: build: name: Spellcheck runs-on: ubuntu-latest steps: # The checkout step - uses: actions/checkout@master - uses: email@example.com name: Spellcheck with: source_files: README.md CHANGELOG.md task_name: Markdown
And here is the funny part. When I do a new release I test it with the last release, so at some point dependabot will open a PR so I can update the version of the spellcheck action used.
So the uses:
- uses: firstname.lastname@example.org
Will be replaced with a:
- uses: email@example.com
And so on.
Do yourself a favor and read up on keeping your actions up to date and secure with dependabot, it makes maintenance lot easier.
For the project itself I have received some PRs, which I am currently reviewing and evaluating for possible inclusion in the code base - more announcements will follow in the future.