Skip to content

Add Dependabot configuration#7

Open
Copilot wants to merge 2 commits into
mainfrom
copilot/copy-dependencybot-configuration
Open

Add Dependabot configuration#7
Copilot wants to merge 2 commits into
mainfrom
copilot/copy-dependencybot-configuration

Conversation

Copy link
Copy Markdown

Copilot AI commented May 9, 2026
edited
Loading

Copies the Dependabot configuration from wgtechlabs/unthread-webhook-server, scoped to the ecosystems present in this repository.

Changes

  • Added .github/dependabot.yml with weekly update checks for:
    • npm dependencies (grouped minor/patch updates, limit 10 PRs)
  • All Dependabot PRs target the dev branch with the ☕ chore commit prefix and security/infra labels.
  • GitHub Actions and Docker ecosystem blocks were omitted as the repository currently has no workflow files or Dockerfile.

Copilot AI requested a review from warengonzaga May 9, 2026 12:38
@warengonzaga warengonzaga marked this pull request as ready for review May 9, 2026 12:44
Copilot AI review requested due to automatic review settings May 9, 2026 12:44
Copilot AI reviewed May 9, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a GitHub Dependabot configuration to automate weekly dependency update PRs targeting the dev branch.

Changes:

  • Introduces .github/dependabot.yml with weekly checks for npm, GitHub Actions, and Docker ecosystems.
  • Groups npm minor/patch updates and applies consistent PR limits, labels, and commit message prefixing.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/dependabot.yml Outdated
Comment on lines +23 to +36
# GitHub Actions versions
- package-ecosystem: "github-actions"
directory: "/"
target-branch: "dev"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
commit-message:
prefix: "☕ chore"
labels:
- "security"
- "infra"

Comment thread .github/dependabot.yml Outdated
Comment on lines +36 to +49

# Docker base image
- package-ecosystem: "docker"
directory: "/"
target-branch: "dev"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 3
commit-message:
prefix: "☕ chore"
labels:
- "security"
- "infra"
@warengonzaga
Copy link
Copy Markdown
Owner

warengonzaga commented May 9, 2026

@copilot apply changes based on the comments in this thread

@warengonzaga
Remove github-actions and docker dependabot blocks (no workflows or D…
ab4848f 
…ockerfile present)

Agent-Logs-Url: https://github.com/warengonzaga/love-cards/sessions/14aee106-86dc-464e-92f9-78d0ac0e28ee

Co-authored-by: warengonzaga <15052701+warengonzaga@users.noreply.github.com>
Copy link
Copy Markdown
Author

Copilot AI commented May 9, 2026

@copilot apply changes based on the comments in this thread

Done in ab4848f. Removed both the github-actions and docker blocks from dependabot.yml since the repo has no workflow files or Dockerfile. Only the npm block remains.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@warengonzaga warengonzaga Awaiting requested review from warengonzaga

Assignees

@warengonzaga warengonzaga

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@warengonzaga