Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds a Dependabot configuration file to enable automated dependency update checks for the project. The configuration sets up daily monitoring for both Gradle dependencies and GitHub Actions, with grouping enabled for minor and patch updates to GitHub Actions.
- Adds Dependabot v2 configuration with support for Gradle and GitHub Actions ecosystems
- Configures daily update checks for both package ecosystems
- Implements grouped updates for GitHub Actions minor and patch versions
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - package-ecosystem: "gradle" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "daily" |
There was a problem hiding this comment.
The Gradle configuration is missing the open-pull-requests-limit setting that is present in the GitHub Actions configuration. Without this limit, Dependabot could potentially create an unlimited number of pull requests for Gradle dependency updates. Consider adding open-pull-requests-limit: 5 to maintain consistency with the GitHub Actions configuration and prevent excessive PRs.
| interval: "daily" | |
| interval: "daily" | |
| open-pull-requests-limit: 5 |
| - package-ecosystem: "gradle" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "daily" |
There was a problem hiding this comment.
Consider adding a groups configuration for the Gradle ecosystem similar to the GitHub Actions configuration. Grouping minor and patch updates together helps reduce PR noise by combining related dependency updates into single pull requests. This would maintain consistency with the GitHub Actions configuration and improve the dependency update workflow.
| interval: "daily" | |
| interval: "daily" | |
| open-pull-requests-limit: 5 | |
| groups: | |
| gradle-minor-patch: | |
| patterns: | |
| - "*" | |
| update-types: | |
| - "minor" | |
| - "patch" |
Pull Request
Description
Type of Change
Related Issues
Testing
Checklist