CI: Add dependabot cooldown for pip by SMoraisAnsys · Pull Request #5999 · ansys/pyaedt · GitHub

Merged: 2 commits merged into main from ci/add-dependabot-cooldown on Apr 4, 2025

Conversation

@SMoraisAnsys (Collaborator) commented Apr 3, 2025

Description

Add a cooldown to updates associated with pip. This would mitigate, to some extent, exposure to supply chain attacks, since dependabot wouldn't run CI/CD in our self-hosted runners until 7 days after the release has been published. During those 7 days, if a vulnerability is found, we can hope for a new release fixing the vulnerability and avoiding our being exposed.

Note

This cooldown feature is not yet available for GitHub Actions. See dependabot/dependabot-core#3651

Issue linked

Associated with #5524

Checklist

  • I have tested my changes locally.
  • I have added necessary documentation or updated existing documentation.
  • I have followed the coding style guidelines of this project.
  • I have added appropriate tests (unit, integration, system).
  • I have reviewed my changes before submitting this pull request.
  • I have linked the issue or issues that are solved by the PR if any.
  • I have agreed with the Contributor License Agreement (CLA).
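The PR's own diff is not shown on this page, so the following is an added example of what a pip cooldown entry in `.github/dependabot.yml` looks like; it is not the project's file. The `directory` and `schedule` values are assumptions; the 7-day window is the one the description gives. The `cooldown` block and its `default-days`, `semver-*-days`, `include` and `exclude` keys are the keys GitHub documents for this feature.

```yaml
# .github/dependabot.yml (added example, not ansys/pyaedt's actual file)
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"          # assumption: requirements/pyproject live at the repo root
    schedule:
      interval: "weekly"    # assumption: the project's real schedule may differ
    cooldown:
      # Do not open an update PR (and so do not run CI on self-hosted runners)
      # until a release has been public for at least this many days.
      default-days: 7
      # Optional per-release-type overrides; omit them to use default-days for all.
      semver-major-days: 7
      semver-minor-days: 7
      semver-patch-days: 7
      # Optional allow/deny lists: only these packages get the cooldown ...
      # include:
      #   - "requests"
      # ... or these packages are exempt from it.
      # exclude:
      #   - "pytest"

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    # No cooldown block here: as the description's note says, the feature
    # was not yet available for the github-actions ecosystem when this PR was opened.
```

The cooldown only delays when dependabot first proposes a version; it does not prevent that version from being installed if something else pulls it in earlier, so it pairs best with pinned, hash-checked requirements in the workflows that run on the self-hosted runners. Omitting `cooldown` entirely is the "before" state this PR moves away from: every new release is picked up on the next scheduled run.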

@ansys-reviewer-bot (Contributor) commented

Thanks for opening a Pull Request. If you want to perform a review write a comment saying:

@ansys-reviewer-bot review

@github-actions github-actions bot added the maintenance Package and maintenance related label Apr 3, 2025
codecov bot commented Apr 3, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.06%. Comparing base (fe52ee3) to head (6a7295e).
Report is 2 commits behind head on main.

@@            Coverage Diff             @@
##             main    #5999      +/-   ##
==========================================
+ Coverage   85.05%   85.06%   +0.01%     
==========================================
  Files         165      165              
  Lines       62906    62906              
==========================================
+ Hits        53503    53510       +7     
+ Misses       9403     9396       -7     

@MaxJPRey (Collaborator) left a comment

LGTM.

@SMoraisAnsys SMoraisAnsys merged commit 7356cf8 into main Apr 4, 2025
55 checks passed
@SMoraisAnsys SMoraisAnsys deleted the ci/add-dependabot-cooldown branch April 4, 2025 09:22
Labels
maintenance Package and maintenance related