Add dependabot.yml to automate GitHub actions dependency updates #146
Closed
Sandhya1236 wants to merge 2 commits into qualcomm-linux:main from
This PR adds the Qualcomm QC Preflight Checks workflow using the shared orchestrator:
qcom-reusable-workflows/reusable-qcom-preflight-checks-orchestrator.yml@v2

The workflow enables:
- Semgrep scan
- Dependency review
- Repolinter check
- Copyright/license check
- Commit email check

These checks help standardize code quality and security validation across the repository.

Signed-off-by: Sandhya Adavikolanu <sadaviko@qti.qualcomm.com>
Signed-off-by: Sandhya Adavikolanu <sadaviko@qti.qualcomm.com>
This PR adds a Dependabot configuration (dependabot.yml) to automatically keep GitHub Actions up to date. Enabling Dependabot helps ensure the repository remains secure, follows best practices, and stays aligned with Qualcomm engineering standards.

Key details:
- Enables Dependabot for the GitHub Actions ecosystem
- Scans the root directory (/) where workflows are located
- Schedules checks to run daily
- Automates version update PRs for workflow dependencies

This improves repository maintainability and helps proactively identify outdated or vulnerable GitHub Actions.

Signed-off-by: Sandhya Adavikolanu <sadaviko@qti.qualcomm.com>
Signed-off-by: Sandhya Adavikolanu <sadaviko@qti.qualcomm.com>
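A Dependabot configuration matching the key details listed above, given here as an added example and not the file from this PR (the PR's own dependabot.yml is not shown on this page). The keys are standard Dependabot version 2 options; the `.github/dependabot.yml` location is where GitHub reads the file from.

```yaml
# .github/dependabot.yml (added example, not the PR's file)
version: 2
updates:
  # Track actions referenced by `uses:` in workflow files.
  - package-ecosystem: "github-actions"
    # For this ecosystem, "/" makes Dependabot look in .github/workflows.
    directory: "/"
    schedule:
      # Check for new action versions once a day.
      interval: "daily"
```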
b9ba748 to a9b4487
This PR also attempts to add the QC Preflight Checks, which is already a part of #144. Can you re-open with just the dependabot change?