chore: only run upgrade deps workflow once weekly [skip ci] (#59)
This is up for debate, but daily dependency updates (and therefore new releases) seem like overkill. 

This also increases the risk/likelihood of bringing in new malicious dependency versions (e.g., what happened with `colors`).
echeung-amzn authored Mar 8, 2022
1 parent 18e595c commit ea7d4a2
Showing 2 changed files with 9 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/upgrade-main.yml

Some generated files are not rendered by default.

9 changes: 8 additions & 1 deletion .projenrc.js
@@ -1,4 +1,4 @@
const { awscdk, DependencyType } = require("projen");
const { awscdk, DependencyType, javascript } = require("projen");

const CDK_VERSION = "1.123.0";
const CONSTRUCTS_VERSION = "3.3.69";
@@ -43,6 +43,13 @@ const project = new awscdk.AwsCdkConstructLibrary({
secret: "GITHUB_TOKEN",
},
autoApproveUpgrades: true,
depsUpgradeOptions: {
workflowOptions: {
schedule: javascript.UpgradeDependenciesSchedule.expressions([
"0 0 * * 1",
]),
},
},

// Code linting config
prettier: true,
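
Review bot: `autoApproveUpgrades: true`, on the context line directly above the new `depsUpgradeOptions` block, is left unchanged, so upgrade PRs are still approved without a human looking at them. The weekly schedule lowers how often a freshly published bad version can be picked up, which is the risk the commit message names, but it does not put a review step in front of it. If unattended approval is intended, a short comment next to that setting saying so would help. If not, consider turning it off in this same change. Separately, the cron string `"0 0 * * 1"` has no explanation. A trailing comment such as `// Mondays at 00:00 UTC` would save the next reader from decoding it.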