Replace dependabot with GitHub Action (#356)

* Replace dependabot with GitHub Action * Use commit SHA instead of tag Co-authored-by: Marcelo Salloum dos Santos <marcelo@stellar.org> * Update issue description Co-authored-by: Marcelo Salloum dos Santos <marcelo@stellar.org>
stellar · Oct 18, 2021 · 2327650 · 2327650
1 parent 25455b2
commit 2327650
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 9 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/workflows/update_deps.yml b/.github/workflows/update_deps.yml
@@ -0,0 +1,27 @@
+name: Monthly dependency updates
+on:
+  schedule:
+    # First of every month
+    - cron: 0 0 1 * *
+
+jobs:
+  create_issue:
+    name: Update dependencies
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - name: Update dependencies
+        uses: imjohnbo/issue-bot@7e438653c0da13f4f79678a56bb9ecbd9dcc26ac
+        with:
+          title: "Update dependencies"
+          body: |
+            Update all project dependencies.
+            ```
+            yarn upgrade-interactive --latest
+            ```
+            Make sure there are no issues in the code editor, code compiles, and it runs without issues in the browser.
+          pinned: false
+          close-previous: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}