Description
Move to Zig package-ecosystem when it's ready for Dependabot Workflow
Summary
We currently use GitHub Actions and Git Submodules for dependency management as listed in our Dependabot configuration. Once the Zig package-ecosystem is fully supported by Dependabot, we should transition to using it for a more native and efficient workflow. This issue aims to track the progress and plan the migration.
Details
Current Dependabot Configuration
Here is our current Dependabot configuration:
# .github/dependabot.yml
version: 2
updates:
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
- package-ecosystem: "gitsubmodule"
directory: "/"
schedule:
interval: "weekly"Tracking Issue
We are currently keeping an eye on this Dependabot core issue for Zig package-ecosystem support:
Action Items
-
Monitor the Tracking Issue: Regularly check the status of the Dependabot Core Tracking Issue for updates on Zig package-ecosystem support.
-
Update Documentation: Once Zig is supported, update all relevant documentation to include the new ecosystem.
-
Modify Dependabot Configuration: Replace the GitHub Actions and Git Submodules ecosystems in
.github/dependabot.ymlwith the Zig package-ecosystem. -
Testing: Perform rigorous testing to ensure that the new Dependabot configuration works as expected.
-
Communication: Inform team members and contributors about the change.
Additional Information
- Zig package manager documentation: temporary doc)
- Dependabot Documentation
Timeline
TBD, dependent on the availability of Zig package-ecosystem support.
Contacts
- For any security concerns, please contact [email protected].
Please feel free to add any other relevant information or action items to make this transition as smooth as possible.