Tips for Continuous Integration
How fossabot uses your CI results, and how to make sure bot pull requests have the secrets and UI test coverage they need.
Overview
fossabot reads your CI results from GitHub Actions, including output from linters, test runners, and UI testing tools like Storybook and Playwright.
It uses that data in three ways:
- To decide whether an upgrade is compatible.
- To shape its code fix recommendations.
- To construct automated commits that address the issues it finds.
The better your CI signal, the better fossabot's decisions.
Secret access
fossabot acts through pull requests, so make sure bot pull requests can reach the secrets your CI needs to run. Where that is a concern, create reduced-scope or read-only credentials for these runs.
UI testing tools
Linters and test suites usually run on pull requests already. UI testing suites should run on bot pull requests too, both those created by Dependabot, Renovate, or Snyk and those created by fossabot. Enabling them lets fossabot use UI test results that are otherwise checked by hand.
- Storybook supports test automation you can run in CI.
- Playwright documents how to run UI tests in CI.