Help Secure the Learn WordPress Code Examples

To give Training Team contributors a space to host code samples for educational content, the team maintains a separate GitHub organisation at https://github.com/wptrainingteam.

In 2023, access to manage repositories in this organisation was opened up to writers for the WordPress Developer Blog, so that they could also host code examples for developer blog posts.

This GitHub organisation currently contains 137 code repositories, with more added as new developer lessons are created or new developer blog posts are published.

As with any public code, there is a risk of exposing consumers to outdated or insecure dependencies. It is therefore vital to ensure that all these repositories are automatically checked for security vulnerabilities and regularly updated.

@bph recently noticed that none of the repositories in this GitHub organisation were being checked for security updates. After some investigation, we discovered that GitHub can automatically scan all repositories in an organisation using a tool called Dependabot.

Unfortunately, just enabling Dependabot on the GitHub organisation is not enough: some manual work is required. Each repository needs to include workflows that automatically scan the repository, create a pull request to update any outdated or insecure dependencies, and automatically merge the new pull request.

This is where we need your help.

We are asking Training Team members to assist in reviewing the existing repositories and creating the required files where needed. The Training Team handbook contains a new guide on how to Set Up Dependabot for WP Training Team repositories.

If you’d like to help, pick a code repository from the WP Training Team Repositories sheet, and follow the instructions to create the pull request containing the three required files (as detailed in the handbook page).

Once the pull request is created, please request a review on the Pull Request from any of the following people:

Thank you for helping us keep our code repositories updated and secure for all users.