MariusStorhaug (Member) commented Jan 22, 2026

Improves dependency management by configuring Dependabot to check daily while preventing excessive update noise through a 7-day cooldown period. This ensures timely security updates while reducing PR churn.

  • Related to PSModule workflow standardization

Dependabot configuration

Changed the update schedule from weekly to daily with a 7-day cooldown period. This provides faster detection of security vulnerabilities while avoiding duplicate PRs for the same dependency within a week.

schedule:
  interval: daily
cooldown:
  default-days: 7

Action pinning

Pinned all GitHub Actions to specific commit SHAs for improved security and reproducibility:

  • actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd (v6.0.2)
  • super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 (v8.3.2)
  • PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 (v1.9.5)
  • PSModule/GitHub-Script@2010983167dc7a41bcd84cb88e698ec18eccb7ca (v1.7.8)
  • PSModule/Invoke-Pester@882994cbe1ff07c3fc8afdac52404c940f99b331 (v4.2.2)
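
A check for the pinning described above, as an added example that is not part of the pull request or the PSModule code base: it scans workflow text for `uses:` references that are not pinned to a full 40-character commit SHA. The function name `audit_uses`, the sample workflow and the `@main` reference are assumptions made for illustration.

```python
import re

# A `uses:` key in a step or reusable-workflow job, capturing the reference.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")

# Constructed sample workflow (not a file from the PR). The checkout SHA and
# the super-linter tag come from the PR description; `@main` is made up.
SAMPLE_WORKFLOW = """\
name: Linter
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: super-linter/super-linter@v8.3.2
      - uses: PSModule/Invoke-Pester@main
      - uses: ./.github/actions/local
"""


def audit_uses(text):
    """Return (line_no, reference, reason) for every unpinned `uses:` line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match is None:
            continue  # not a `uses:` line (or it is commented out)
        ref = match.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope
        _, at, revision = ref.partition("@")
        if not at:
            findings.append((line_no, ref, "no ref given"))
        elif not FULL_SHA_RE.fullmatch(revision):
            # Tags, branches and abbreviated SHAs can all be re-pointed.
            findings.append((line_no, ref, "tag or branch, not a full commit SHA"))
    return findings


if __name__ == "__main__":
    for line_no, ref, reason in audit_uses(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref}: {reason}")
```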

Copilot AI review requested due to automatic review settings January 22, 2026 18:17

Copilot AI left a comment

Pull request overview

Configures GitHub Dependabot to check GitHub Actions dependencies daily and introduces a 7-day delay window before updating; additionally pins several GitHub Actions workflow dependencies to specific commit SHAs.

Changes:

  • Change Dependabot schedule for github-actions from weekly to daily
  • Add a Dependabot cooldown setting with default-days: 7
  • Pin GitHub Actions used in workflows (checkout, linters, PSModule actions) to specific commit SHAs

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| .github/workflows/Linter.yml | Pins actions/checkout and super-linter to specific SHAs for reproducible workflow runs. |
| .github/workflows/Auto-Release.yml | Pins actions/checkout and PSModule/Auto-Release to specific SHAs. |
| .github/workflows/Action-Test.yml | Pins actions/checkout, PSModule/GitHub-Script, and PSModule/Invoke-Pester to specific SHAs. |
| .github/dependabot.yml | Updates Dependabot to run daily for GitHub Actions and adds a 7-day cooldown setting. |

Comment on lines 13 to +16
schedule:
interval: weekly
interval: daily
cooldown:
default-days: 7
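
Review bot: The `cooldown` block at the end of this hunk sets `default-days: 7` with no comment on intent, while `interval` moves from `weekly` to `daily` in the same hunk, so someone reading the file alone cannot tell why daily checks are paired with a 7-day hold. Consider a one-line YAML comment above `cooldown:` stating what the 7 days are meant to achieve.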

Copilot AI Jan 22, 2026

PR description/title only mention changing Dependabot schedule/cooldown, but this PR also updates multiple GitHub Actions workflow steps to pin actions to specific commit SHAs (checkout, super-linter, PSModule actions). Please update the PR description (and possibly title) to reflect these workflow changes, or split them into a separate PR so reviewers can track the intent clearly.

MariusStorhaug changed the title from "🩹 Configure Dependabot for daily schedule with 7-day cooldown" to "🩹[Patch] Configure Dependabot for daily schedule with 7-day cooldown" Jan 22, 2026
MariusStorhaug changed the title from "🩹[Patch] Configure Dependabot for daily schedule with 7-day cooldown" to "🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown" Jan 22, 2026
MariusStorhaug changed the title from "🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown" to "🩹 [Patch] Configure Dependabot for daily schedule with 7-day cooldown" Jan 22, 2026
MariusStorhaug changed the title from "🩹 [Patch] Configure Dependabot for daily schedule with 7-day cooldown" to "🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown" Jan 22, 2026
MariusStorhaug self-assigned this Jan 22, 2026