GitHub Actions dependency check

[andrewtavis]

Terms

• I have searched open and closed feature requests
• I agree to follow activist's Code of Conduct

Description

As discussed in the most recent dev sync, the team would like to create a cron job that would trigger updates of dependencies on a bi-monthly basis. The general idea of how this would work is:

• We'll keep the current Dependabot warnings and react to them as needed
• We'll run a workflow every two months
• This workflow will update all dependencies to the next available minor release
• The backend and frontend checks will be ran such that new errors will be detected
• Results will be logged and new issues will be made to work on them
• This two month process will coincide with Code Night 🌙 such that we can work together to squash 'em all 🐞

Contribution

Happy to work on this or support as needed 😊

[andrewtavis]

CC @to-sta, resident GitHub Actions wizard 🧙‍♂️🙃

[andrewtavis]

Thinking about this a bit more, maybe it makes sense that we update dependencies and just make a PR with them updated where we can see the errors. Then people would be able to check out the branch where the dependencies are updated and go through and fix the errors :) This might be easier than us manually needing to create the issues.

[andrewtavis]

We could also use Matrix-Chat-Message to alert folks in Development when the PR is made so people know to come check it out and fix what they can :)

[andrewtavis]

And for simplicity maybe it makes sense to run it on the first of the month every two months such that we don't need to figure out which day it's ran and so that we can have a few weeks to work on it before hopefully closing it in Code Night 🌙

[amrkv526]

Hi, I'd like to pick this one up as per our conversation on Matrix!

[andrewtavis]

Nice @amrkv526! Looking forward to this :)

[andrewtavis]

Closing this in favor of #1090 where we'll fix some of the issues with the current workflow :)