Onboard repository to Dependabot for automated testing and AI dependency updates (#800)

* Initial plan

* Add Dependabot configuration for automated dependency updates

Co-authored-by: eiriktsarpalis <[email protected]>

* Add Dependabot documentation and complete onboarding

Co-authored-by: eiriktsarpalis <[email protected]>

* Refactor Dependabot config to only update testing dependencies and remove documentation

Co-authored-by: eiriktsarpalis <[email protected]>

* Remove redundant allow list and use groups + ignore instead

Co-authored-by: eiriktsarpalis <[email protected]>

* Use wildcard patterns in ignore list for cleaner configuration

Co-authored-by: eiriktsarpalis <[email protected]>

* Add Microsoft.Extensions.AI group and remove from ignore list

Co-authored-by: eiriktsarpalis <[email protected]>

* Update .github/dependabot.yml

* Move microsoft-extensions-ai group to top of groups section

Co-authored-by: eiriktsarpalis <[email protected]>

* Update .github/dependabot.yml

* Update .github/dependabot.yml

* Remove packages with fixed version strings from dependency groups

Co-authored-by: eiriktsarpalis <[email protected]>

* remove Microsoft.Extensions packages

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: eiriktsarpalis <[email protected]>
Co-authored-by: Eirik Tsarpalis <[email protected]>

Author: Copilot

.github/dependabot.yml

@@ -0,0 +1,71 @@
+# Configuration for Dependabot automatic dependency updates
+# See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # Monitor testing dependencies only
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+    # Dependencies are controlled via the groups below
+    # Group dependencies to reduce PR noise
+    groups:
+      testing-frameworks:
+        patterns:
+          - "xunit.*"
+          - "Microsoft.NET.Test.Sdk"
+          - "coverlet.*"
+          - "GitHubActionsTestLogger"
+          - "Moq"
+      opentelemetry-testing:
+        patterns:
+          - "OpenTelemetry*"
+      serilog-testing:
+        patterns:
+          - "Serilog*"
+      other-testing:
+        patterns:
+          - "Anthropic.SDK"
+          - "System.Linq.AsyncEnumerable"
+          - "System.Net.Http"
+          - "JsonSchema.Net"
+    # Ignore product dependencies - only allow testing dependencies in groups above
+    ignore:
+      # Ignore all Microsoft product dependencies except those explicitly defined in groups.
+      - dependency-name: "Microsoft.Extensions.Hosting.Abstractions"
+      - dependency-name: "Microsoft.Extensions.Logging.Abstractions"
+      - dependency-name: "Microsoft.Extensions.AI.OpenAI"
+      - dependency-name: "Microsoft.Extensions.TimeProvider.Testing" 
+      - dependency-name: "Microsoft.AspNetCore.*"
+      - dependency-name: "Microsoft.IdentityModel.*"
+      - dependency-name: "Microsoft.Bcl.*"
+      - dependency-name: "Microsoft.SourceLink.*"
+      # Ignore all System product dependencies except those explicitly in testing groups
+      - dependency-name: "System.Diagnostics.*"
+      - dependency-name: "System.IO.*"
+      - dependency-name: "System.Text.*"
+      - dependency-name: "System.Threading.*"
+      - dependency-name: "System.Net.ServerSentEvents"
+    # Limit the number of open pull requests for testing dependencies
+    open-pull-requests-limit: 5
+    # Add labels to dependency update PRs
+    labels:
+      - "dependencies"
+      - "testing"
+
+  # Monitor GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+    # Limit the number of open pull requests for GitHub Actions to 5
+    open-pull-requests-limit: 5
+    # Add labels to GitHub Actions update PRs
+    labels:
+      - "dependencies"
+      - "github-actions"