Run npm-update in a GitHub workflow

This avoids a lot of moving parts in our infrastructure (webhook, npm-trigger roundtrip, tasks container), works in exactly the same way for independent third-party projects, and does not need *any* secret other than the automatically provided GitHub token. Let this run early every morning, roughly similar frequency as cockpituous used to do. Also add a manual trigger, so that we get a button to run it on demand. Closes #384
2020-10-20 09:08:08 +02:00 · 2020-10-20 09:08:08 +02:00 · 8e16b06df2
commit 8e16b06df2
parent 7838cb70a9
3 changed files with 33 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -103,6 +103,14 @@ with detailed comments how to use it. There is also an
 [example GitHub release action](.github/workflows/release.yml.disabled) to set
 up secrets and run cockpituous.

+# Automated maintenance
+
+It is important to keep your [NPM modules](./package.json) up to date, to keep
+up with security updates and bug fixes. This is done with the
+[npm-update bot script](https://github.com/cockpit-project/bots/blob/master/npm-update)
+which is run weekly or upon [manual request](https://github.com/cockpit-project/starter-kit/actions) through the
+[npm-update.yml](.github/workflows/npm-update.yml) [GitHub action](https://github.com/features/actions).
+
 # Further reading

 * The [Starter Kit announcement](http://cockpit-project.org/blog/cockpit-starter-kit.html)