Possible source for boilerplate github actions:

Bloomberg just put this out on our public github for use by our teams publishing open source, and it includes, apparently, a bunch of housekeeping actions.

It was generated from GitHub - cisco-ospo/oss-template: Open Source Project Template

I haven’t looked at it much or used it yet, but it might be useful as a cross check.

It looks like dependabot can watch github actions, which would be useful. oss-template/.github/dependabot.yml at main · bloomberg/oss-template · GitHub

I had a look at it. This appears to be ‘exemplar-lite++’ without cookie cutter, etc.

I see what you’re referencing there with dependabot – but what does that exactly do? Look for dependencies that might have a CVE or something?

So far it doesn’t seem too useful…

Looks for dependencies that have newer versions and provides a PR that updates them. We’re doing something similar now it seems, but dependabot is well supported and common in other ecosystems.

I guess I’m wondering what dependencies libraries have that we need to track at the moment. It’s mostly tooling like cmake and gtest as I don’t think we have much in the way of external library dependencies. But sure, I guess we can discuss setting it up.

It turns out to be mostly the pre-commit modules and GitHub actions themselves. Which are good to keep updated.