WordPress.org

Make WordPress Training

Reviewing and merging the Dependabot, Auto-Approve, and Auto-Merge Workflows

These instructions are only for administrators of the https://github.com/wptrainingteam GitHub organisation.

Once a new PR has been created to add the Dependabot, auto-approve, and auto-merge workflow files, these are the things to check when reviewing.

  1. Have all three files been created, and in the right place?
  2. Does the dependabot.yml file cover either/both possible dependency types (e.g., composer and/or npm)?
  3. Are the directory paths correct (i.e., if the composer.json/package.json file is located in a subdirectory, is the dependabot.yml configured correctly)?
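
Items 2 and 3 can be checked mechanically by comparing the update entries in dependabot.yml with the manifests actually present in the repository. The script below is an added example, not part of the team's tooling; it assumes the standard `.github/dependabot.yml` location, uses a simplified line-based parse instead of a YAML library, and its function names and `SAMPLE_CONFIG` are constructed for illustration.

```python
import re
from pathlib import Path

# Manifest file name -> Dependabot package-ecosystem value (the two types the checklist names)
MANIFESTS = {"composer.json": "composer", "package.json": "npm"}
SKIP_DIRS = {".git", "node_modules", "vendor"}  # installed packages, not the repo's own manifests

# Constructed sample: npm points at "/" although package.json sits in /plugin
SAMPLE_CONFIG = """\
version: 2
updates:
  - package-ecosystem: "composer"
    directory: "/"
    schedule:
      interval: "weekly"
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
"""

def declared_updates(config_text):
    """(ecosystem, directory) pairs from dependabot.yml text.
    Simplified parse: assumes each entry starts with `- package-ecosystem:`."""
    pairs = set()
    for entry in re.split(r"(?m)^\s*-\s+(?=package-ecosystem:)", config_text)[1:]:
        eco = re.match(r"package-ecosystem:\s*[\"']?([\w-]+)", entry)
        path = re.search(r"(?m)^\s*directory:\s*[\"']?([^\"'\s#]+)", entry)
        if eco and path:
            pairs.add((eco.group(1), "/" + path.group(1).strip("/")))
    return pairs

def manifests_found(repo):
    """(ecosystem, directory) pairs for every manifest actually in the repo."""
    found = set()
    for path in Path(repo).rglob("*.json"):
        rel = path.relative_to(repo)
        if path.name in MANIFESTS and not SKIP_DIRS & set(rel.parts):
            found.add((MANIFESTS[path.name], "/" + "/".join(rel.parts[:-1])))
    return found

def review(repo):
    """Return a list of problems; an empty list means items 2 and 3 pass."""
    config = Path(repo) / ".github" / "dependabot.yml"
    if not config.is_file():
        return ["missing .github/dependabot.yml"]
    declared, found = declared_updates(config.read_text()), manifests_found(repo)
    problems = [f"{e} manifest in {d} has no update entry" for e, d in sorted(found - declared)]
    problems += [f"{e} entry points at {d} but no manifest is there"
                 for e, d in sorted(declared - found) if e in MANIFESTS.values()]
    return problems
```

Call `review(".")` from a checkout of the PR branch; an entry whose directory does not match a manifest means Dependabot will not raise updates for that dependency set.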

If the Pull Request looks good, the last thing to check is whether the repository has Branch Protection rules in place. 

Checking Branch Protection Rules

At the top of the Repository page, navigate to Settings, expand Rules, and click on Rulesets. There should be one Ruleset titled “Branch Protection Rules” with a description “3 branch rules • targeting 1 branch”.

If you see the message “You haven’t created any rulesets”, click on New Ruleset and select Import a Ruleset. Import the contents of the Branch Protection Rules.json file, available for download here.

Once imported, scroll to the bottom of the new Ruleset and click Create.

With all this in place, you can merge the Pull Request.
