Skip to content

ci(dependabot): reduce noise and skip ReEDS run for dependabot updates#79

Merged
pesap merged 3 commits into
mainfrom
pesap/dependabot
May 4, 2026
Merged

ci(dependabot): reduce noise and skip ReEDS run for dependabot updates#79
pesap merged 3 commits into
mainfrom
pesap/dependabot

Conversation

@pesap
Copy link
Copy Markdown
Contributor

@pesap pesap commented May 1, 2026

Summary

  • reduce Dependabot update noise by grouping updates and slowing cadence
  • run github-actions updates every 14 days via cron
  • skip ReEDS and R2X CI jobs when actor is dependabot bot to avoid license-related failures

Validation

  • ruby YAML parse check for .github/dependabot.yml and .github/workflows/python-app.yaml

@pesap pesap requested a review from patrickbrown4 May 1, 2026 20:35
@pesap pesap changed the title ci(dependabot): reduce noise and skip ReEDS ci(dependabot): reduce noise and skip ReEDS run for dependabot updates May 1, 2026
patrickbrown4
patrickbrown4 reviewed May 1, 2026
View reviewed changes
Comment thread .github/dependabot.yml
Copy link
Copy Markdown
Contributor

@patrickbrown4 patrickbrown4 May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Pedro. Can we limit dependabot to the github actions and ignore environment.yml entirely? We inflexibly specify the major.minor versions and only update the environment every few years, so it doesn't seem necessary to check every 2 weeks.

Copy link
Copy Markdown
Contributor Author

@pesap pesap May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. I removed completely the python dependabot update. Now it is isolated to the CI.

@pesap
Copy link
Copy Markdown
Contributor Author

pesap commented May 4, 2026

@patrickbrown4 it should be ready for re-review

@pesap pesap requested a review from patrickbrown4 May 4, 2026 16:43
patrickbrown4
patrickbrown4 approved these changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@patrickbrown4 patrickbrown4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, thanks!

Comment thread .github/dependabot.yml Outdated
schedule:
interval: "weekly"
interval: "cron"
cronjob: "0 6 */14 * *"
Copy link
Copy Markdown
Contributor

@patrickbrown4 patrickbrown4 May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(minor nitpick) Are comments allowed in this file? If so, maybe add one here explaining what this means? (It looks like it will execute twice near the end of the month, on the 29th and then on the 1st - maybe you could just do every second Monday instead? Not a bit deal; up to you.)

Copy link
Copy Markdown
Contributor Author

@pesap pesap May 4, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. Added a message for that with the suggestion of the cadence see 8c71c4c

@pesap pesap merged commit 580eae3 into main May 4, 2026
13 checks passed
@pesap pesap deleted the pesap/dependabot branch May 4, 2026 20:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@patrickbrown4 patrickbrown4 patrickbrown4 approved these changes

Assignees

No one assigned

Labels

dependencies github_actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pesap @patrickbrown4