mirror of
https://github.com/gradle/actions
synced 2024-11-23 18:02:13 +00:00
862 B
862 B
How to merge a Dependabot PR
The "distribution" for a GitHub Action is checked into the repository itself.
In the case of the gradle-build-action
, the transpiled sources are committed to the dist
directory.
Any production dependencies are inlined into the distribution.
So if a Dependabot PR updates a production dependency (or a dev dependency that changes the distribution, like the Typescript compiler),
then a manual step is required to rebuild the dist and commit.
The simplest process to follow is:
- Checkout the dependabot branch locally eg:
git checkout dependabot/npm_and_yarn/actions/github-5.1.0
- Run
npm install
to download and the new dependencies and install locally - Run
npm run build
to regenerate the distribution - Push the changes to the dependabot branch
- If/when the checks pass, you can merge the dependabot PR