Skip to content

Stop env Dependabot#566

Merged
burtenshaw merged 1 commit into
mainfrom
chore/disable-env-dependabot
Apr 18, 2026
Merged

Stop env Dependabot#566
burtenshaw merged 1 commit into
mainfrom
chore/disable-env-dependabot

Conversation

@burtenshaw

Copy link
Copy Markdown
Collaborator

This PR adds an explicit .github/dependabot.yml so Dependabot keeps tracking repo-level uv and GitHub Actions updates but stops scanning anything under envs/**.

It prevents new envs/ version-update PRs from being opened while preserving root dependency maintenance for the main package and workflows.

Validation:

  • .github/dependabot.yml parses as YAML.

@meta-cla meta-cla Bot added the CLA Signed This label is managed by the Meta Open Source bot. label Apr 18, 2026
@greptile-apps

greptile-apps Bot commented Apr 18, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

Adds a .github/dependabot.yml that enables weekly Dependabot scans for the root uv manifest and GitHub Actions workflows, while explicitly excluding envs/** from the uv update block to stop environment-specific dependency PRs. The configuration is syntactically valid and uses the exclude-paths glob option that is officially supported by GitHub Dependabot for the uv ecosystem.

Confidence Score: 5/5

Safe to merge — purely additive config-only change with no code impact.

Single new YAML file with no code changes; all options (exclude-paths, uv ecosystem) are confirmed valid by GitHub's official Dependabot docs. No Tier 1 or Tier 2 issues found.

No files require special attention.

Important Files Changed

Filename Overview
.github/dependabot.yml New Dependabot config that tracks root-level uv dependencies (excluding envs/**) and GitHub Actions on a weekly schedule — syntax is valid and exclude-paths is a supported option.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    D[Dependabot weekly run] --> UV[uv ecosystem — directory: /]
    D --> GA[github-actions ecosystem — directory: /]
    UV --> EXCL{Path under envs/**?}
    EXCL -- Yes --> SKIP[Skip — no PR opened]
    EXCL -- No --> PR1[Open version-update PR]
    GA --> PR2[Open version-update PR]
Loading

Reviews (1): Last reviewed commit: "chore: stop dependabot in envs" | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CLA Signed This label is managed by the Meta Open Source bot.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant