The Spellcheck (GitHub) Action has seen several releases where I have not made any announcements, so to bring you up to speed I will provide a small update.
Since 0.11.0, the last announced update. 0.12.0, 0.13.0 and 0.14.0, has been released. The latest release made today.
All of these release has been based on updates to the base image use for the Docker image implementation.
- 0.14.0 2021-05-13 maintenance release, update not required
Docker image updated to Python 3.9.5 slim via PR #48 from dependabot
0.13.0 2021-04-14 maintenance release, update not required
Docker image updated to Python 3.9.4 slim via PR #41 from dependabot
0.12.0 2021-02-22 maintenance release, update not required
Docker image updated to Python 3.9.2 slim via PR #38 from dependabot
All where based on PRs from dependabot. So I will take this opportunity to write about dependabot.
I use dependabot for 3 things in this project.
- To keep my Python in order
- To keep my Docker in order
- To keep my GitHub Actions in order
The dependabot configuration file dependabot.yml
is placed in .github/
# Basic dependabot.yml file
version: 2
updates:
# Enable version updates for pip (Python)
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
# Only allow updates to the lockfile for pip and
# ignore any version updates that affect the manifest
versioning-strategy: lockfile-only
# Enable version updates for Docker
- package-ecosystem: "docker"
# Look for a `Dockerfile` in the `root` directory
directory: "/"
# Check for updates once a week
schedule:
interval: "weekly"
# Enable version updates for Actions
- package-ecosystem: "github-actions"
# Look for `.github/workflows` in the `root` directory
directory: "/"
# Check for updates once a week
schedule:
interval: "weekly"
The first one looks at my requirements.txt
, which specifies my Python dependencies. Any updates to the locakfile and I receive a PR from dependabot.
The second one looks at my Dockerfile
and if there are any recommended updates to it, I receive a PR from dependabot.
In addition to dependabot this repository uses the following GitHub Actions:
- Markdownlint Action
- And secondly this action (checking the spelling)
name: Spellcheck Action
on: push
jobs:
build:
name: Spellcheck
runs-on: ubuntu-latest
steps:
# The checkout step
- uses: actions/checkout@master
- uses: rojopolis/spellcheck-github-actions@0.13.0
name: Spellcheck
with:
source_files: README.md CHANGELOG.md
task_name: Markdown
And here is the funny part. When I do a new release I test it with the last release, so at some point dependabot will open a PR so I can update the version of the spellcheck action used.
So the uses:
- uses: rojopolis/spellcheck-github-actions@0.13.0
Will be replaced with a:
- uses: rojopolis/spellcheck-github-actions@0.14.0
And so on.
dependabot is truly awesome, so I have added a tip on using it to the spellcheck action documentation
Do yourself a favor and read up on keeping your actions up to date and secure with dependabot, it makes maintenance lot easier.
For the project itself I have received some PRs, which I am currently reviewing and evaluating for possible inclusion in the code base - more announcements will follow in the future.