-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add rust-maintain
to auto-update Dependencies and auto-fix lints
#58
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## main #58 +/- ##
==========================================
- Coverage 98.53% 98.52% -0.02%
==========================================
Files 21 21
Lines 6775 6775
==========================================
- Hits 6676 6675 -1
- Misses 99 100 +1
☔ View full report in Codecov by Sentry. |
fa8fd27
to
dd5e8bc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we change our dependabot config in some way to delegate to this action?
pull-requests: write | ||
|
||
steps: | ||
# you should use a *pinned commit*: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a reminder about software supply chain issues and auditing your dependencies: https://github.com/Swatinem/rust-maintain?tab=readme-ov-file#permissions--security :-)
As this action is running with hightened permissions.
Well, good that I run this on a real world repo, there was two problems with this run:
|
See https://github.com/Swatinem/rust-maintain.
I published this action a while back, but haven’t hooked it up yet to an existing repo.