Skip to content

chore: enable dependabot configuration (AUT-106)#17

Open
nakhan-sonata-afk wants to merge 3 commits intoedx:mainfrom
nakhan-sonata-afk:AUT-106-Enable-Dependabot-Alerts-for-Repo-edx-filters-pipelines
Open

chore: enable dependabot configuration (AUT-106)#17
nakhan-sonata-afk wants to merge 3 commits intoedx:mainfrom
nakhan-sonata-afk:AUT-106-Enable-Dependabot-Alerts-for-Repo-edx-filters-pipelines

Conversation

@nakhan-sonata-afk
Copy link
Copy Markdown

@nakhan-sonata-afk nakhan-sonata-afk commented Apr 3, 2026

Summary

Enabled Dependabot configuration for automated dependency updates.

Changes

  • Added .github/dependabot.yml
  • Configured updates for:
    • Python (pip dependencies)
    • Github Actions
  • Set weekly update schedule
  • Added labels and commit message convention

Schedule

  • Runs weekly on Monday at 06:00 UTC (pip)
  • Runs weekly on Monday at 06:30 UTC (GitHub Actions)

Testing

  • Verified dependabot.yml syntax
  • Configuration follows standard repository setup
  • Dependabot will automatically create PRs on scheduled runs

Impact

  • No impact on existing functionality
  • Only configuration change

Jira

AUT-106

Copilot AI review requested due to automatic review settings April 3, 2026 19:01
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a Dependabot configuration to automate dependency update pull requests for the repository’s Python and GitHub Actions dependencies on a weekly schedule.

Changes:

  • Added .github/dependabot.yml with weekly schedules for pip and GitHub Actions updates.
  • Configured PR metadata (labels, reviewers) and commit message prefixes.
  • Introduced grouping intent for Python minor/patch updates.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/dependabot.yml
Comment on lines +5 to +12
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "06:00"
timezone: "UTC"
open-pull-requests-limit: 3
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the pip ecosystem, directory: "/" likely won’t pick up this repo’s dependency manifests because the pinned requirements files live under requirements/ (e.g., requirements/base.in, requirements/test.in, etc.) and there is no root-level requirements.txt. As a result Dependabot may not propose updates for most Python dependencies. Consider changing the pip entry to directory: "/requirements" (and/or adding a second pip update entry for / if you also want to track packaging metadata in setup.py).

Copilot uses AI. Check for mistakes.
Comment thread .github/dependabot.yml
Comment on lines +25 to +30
groups:
python-minor-and-patch:
update-types:
- "minor"
- "patch"

Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The groups configuration defines python-minor-and-patch with update-types, but it doesn’t specify any patterns (or other matching criteria) to indicate which dependencies should be included in the group. Dependabot group definitions require match rules; without them this section may be ignored or treated as invalid. Add an explicit match rule (e.g., a wildcard pattern or a set of dependency name patterns) so minor/patch updates are actually grouped as intended.

Copilot uses AI. Check for mistakes.
Copilot AI review requested due to automatic review settings April 3, 2026 19:50
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

subhashree-sahu31
subhashree-sahu31 approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

@subhashree-sahu31 subhashree-sahu31 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@subhashree-sahu31 subhashree-sahu31 subhashree-sahu31 approved these changes

@ssurendrannair ssurendrannair ssurendrannair approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nakhan-sonata-afk @subhashree-sahu31 @ssurendrannair