https://github.com/openactive/github-actions-workflows
A repository that contains reusable GitHub Actions Workflows that are referenced throughout the OpenActive GitHub organisation
https://github.com/openactive/github-actions-workflows
Last synced: 4 months ago
JSON representation
A repository that contains reusable GitHub Actions Workflows that are referenced throughout the OpenActive GitHub organisation
- Host: GitHub
- URL: https://github.com/openactive/github-actions-workflows
- Owner: openactive
- License: mit
- Created: 2023-09-22T18:48:24.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2025-05-12T10:34:55.000Z (about 1 year ago)
- Last Synced: 2025-06-11T06:42:10.100Z (12 months ago)
- Size: 16.6 KB
- Stars: 0
- Watchers: 7
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# github-actions-workflows
A repository that contains reusable GitHub Actions Workflows that are referenced throughout the OpenActive GitHub organisation
## dependabot-auto-approve
Ensures that dependencies stay updated automatically, with maintainers only intervening by exception (i.e. when an automatic update fails).
Note that [security concerns](https://github.com/dependabot/dependabot-core/issues/2243) are mitigated as (i) the GitHub actions that test PRs [do not have access to any secrets](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#accessing-secrets), and (ii) approval of dependabot PRs is delayed for 20 days, to allow time for vulnerabilities to be discovered and the offending version removed from npm (and allow time for dependabot to close the associated PR).