Skip to content

Add dependabot config for github-actions ecosystem#624

Open
jbampton wants to merge 3 commits into
apache:mainfrom
jbampton:add-dependabot-for-actions-ecosystem
Open

Add dependabot config for github-actions ecosystem#624
jbampton wants to merge 3 commits into
apache:mainfrom
jbampton:add-dependabot-for-actions-ecosystem

Conversation

@jbampton

@jbampton jbampton commented Jan 7, 2026

Copy link
Copy Markdown
Member

Basic setup added to automate updates

https://docs.github.com/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories

Changes

How I tested this

Notes

Checklist

  • PR has an informative and human-readable title (this will be pulled into the release notes)
  • Changes are limited to a single goal (no scope creep)
  • Code passed the pre-commit check & code is left cleaner/nicer than when first encountered.
  • Any change in functionality is tested
  • New functions are documented (with a description, list of inputs, and expected output)
  • Placeholder code is flagged / future TODOs are captured in comments
  • Project documentation has been updated if adding/changing functionality.

@andreahlert andreahlert added kind/improvement Improving something that already exists area/ci Workflows, build, release scripts labels Mar 30, 2026
@jbampton @andreahlert
Add dependabot config for github-actions ecosystem
62dd2d5 
Basic setup added to automate updates
@andreahlert andreahlert force-pushed the add-dependabot-for-actions-ecosystem branch from ca89574 to 62dd2d5 Compare May 28, 2026 08:20
@andreahlert
Auto-assign apache/burr-committers as reviewers on dependabot PRs
234946b 
Without a reviewers entry, dependabot PRs land unowned and rely on
someone happening to spot them in the PR list. Routing review to the
burr-committers team makes it visible to everyone with merge rights.
@andreahlert
Tag dependabot PRs with labels and a ci scope prefix
85499c9 
- labels: dependencies (matches the convention already used by
  GitHub-generated security PRs) and area/ci (matches the auto-labeler
  rule for .github/** in .github/labeler.yml).
- commit-message: prefix "ci" with scope, so commit titles become e.g.
  "ci(deps): bump actions/checkout from v3 to v4", matching the
  conventional-commit style used in recent commits on main.
andreahlert
andreahlert approved these changes May 28, 2026
View reviewed changes

@andreahlert andreahlert left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just added Auto-assign apache/burr-committers as reviewers on dependabot PRs, labels and ci prefix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andreahlert andreahlert andreahlert approved these changes

Assignees

@jbampton jbampton

Labels

area/ci Workflows, build, release scripts kind/improvement Improving something that already exists

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jbampton @andreahlert