Skip to content

Commit 4b5fe20

Browse files
authored
Migrate GitHub Actions deps to Renovate (keep npm on Dependabot) (#72)
## Summary - Remove `github-actions` ecosystem entry from `.github/dependabot.yml` — now managed by shared [CopilotKit/renovate](https://github.com/CopilotKit/renovate) config - Delete `dependabot-auto-merge.yml` and `dependabot-major-analysis.yml` workflows (GHA-specific) - **Preserve** npm ecosystem entry in `dependabot.yml` (weekly, @copilotkit/* grouping, jpr5 reviewer) Part of [Renovate org rollout — Phase 1](https://www.notion.so/copilotkit/3613aa38185281a38863fcff2907021c). ## What stays on Dependabot | Ecosystem | Directory | Interval | |-----------|-----------|----------| | npm | `/` | weekly | ## What moves to Renovate | Ecosystem | Previously | Now | |----------------|-----------|-----| | github-actions | Dependabot (daily) | CopilotKit/renovate shared config |
2 parents 0dbd5bd + 7546271 commit 4b5fe20

4 files changed

Lines changed: 0 additions & 205 deletions

File tree

.github/dependabot.yml

Lines changed: 0 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -13,26 +13,3 @@ updates:
1313
open-pull-requests-limit: 10
1414
cooldown:
1515
default-days: 1
16-
- package-ecosystem: github-actions
17-
directory: /
18-
schedule:
19-
interval: daily
20-
groups:
21-
minor-and-patch:
22-
patterns: ["*"]
23-
update-types:
24-
- minor
25-
- patch
26-
major:
27-
patterns: ["*"]
28-
update-types:
29-
- major
30-
labels:
31-
- dependencies
32-
- github-actions
33-
commit-message:
34-
prefix: "ci"
35-
include: "scope"
36-
open-pull-requests-limit: 10
37-
cooldown:
38-
default-days: 1

.github/workflows/dependabot-auto-merge.yml

Lines changed: 0 additions & 32 deletions
This file was deleted.

.github/workflows/dependabot-major-analysis.yml

Lines changed: 0 additions & 144 deletions
This file was deleted.

.github/zizmor.yml

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,6 @@
11
rules:
22
dangerous-triggers:
33
ignore:
4-
# Dependabot auto-merge: uses pull_request_target for write token.
5-
# Does NOT checkout PR code. Actor-gated to dependabot[bot].
6-
- dependabot-auto-merge.yml
7-
# Dependabot major analysis: uses pull_request_target for PR comments.
8-
# Does NOT checkout PR code. Actor-gated to dependabot[bot].
9-
- dependabot-major-analysis.yml
104
# notify-pr.yml uses pull_request_target but only curls a Slack webhook.
115
# It has permissions: {} so no token is exposed.
126
- notify-pr.yml

0 commit comments

Comments
 (0)