Skip to content

ci: add 7-day dependabot cooldown#1619

Merged
wochinge merged 1 commit intomainfrom
codex/add-dependabot-cooldown
Apr 10, 2026
Merged

ci: add 7-day dependabot cooldown#1619
wochinge merged 1 commit intomainfrom
codex/add-dependabot-cooldown

Conversation

@wochinge
Copy link
Copy Markdown
Contributor

@wochinge wochinge commented Apr 10, 2026
edited by greptile-apps bot
Loading

Summary

  • add a 7-day Dependabot cooldown for the uv update config
  • add the same 7-day cooldown for the github-actions update config

Why

This repository's Dependabot configuration opened update PRs daily without any cooldown window. Adding a 7-day cooldown reduces churn from rapid successive version bumps across both configured ecosystems.

Validation

  • ruby -e 'require "yaml"; YAML.load_file(".github/dependabot.yml"); puts "yaml ok"'
  • git diff --check

Disclaimer: Experimental PR review

Greptile Summary

Adds a 7-day cooldown (default-days: 7) to both the uv and github-actions Dependabot update configurations to reduce noisy daily PRs for rapid successive version bumps. The cooldown key and its default-days parameter are officially supported by Dependabot and the YAML is well-formed.

Confidence Score: 5/5

Safe to merge — valid Dependabot configuration with no functional risks.

The change is a minimal, well-scoped CI configuration update using a documented Dependabot feature. No code logic, security, or data concerns are present.

No files require special attention.

Important Files Changed

Filename Overview
.github/dependabot.yml Adds cooldown: default-days: 7 to both uv and github-actions update configs; syntax is valid and the option is officially documented.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot scheduled run - daily] --> B{New version available?}
    B -- No --> C[Skip]
    B -- Yes --> D{Within 7-day cooldown window?}
    D -- Yes --> E[Skip - wait for cooldown to expire]
    D -- No --> F[Open PR for update]
    F --> G[uv ecosystem PR]
    F --> H[github-actions ecosystem PR]
Loading

Reviews (1): Last reviewed commit: "chore(dependabot): add 7-day cooldown" | Re-trigger Greptile

@wochinge wochinge changed the title [codex] add 7-day dependabot cooldown ci: add 7-day dependabot cooldown Apr 10, 2026
@wochinge wochinge marked this pull request as ready for review April 10, 2026 14:36
@wochinge wochinge enabled auto-merge (squash) April 10, 2026 14:36
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 10, 2026

@claude review

claude[bot]
claude bot reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — simple config change adding a 7-day cooldown to both Dependabot ecosystems.

Extended reasoning...

Overview

This PR modifies only .github/dependabot.yml, adding a cooldown: default-days: 7 block to both the uv and github-actions update configurations. No production code is touched.

Security risks

None. This is a CI/CD configuration change that reduces the frequency of dependency update PRs. It does not affect authentication, data handling, or any runtime behavior.

Level of scrutiny

Minimal scrutiny required. The change is mechanical, consistent across both ecosystems, and follows the documented Dependabot configuration schema. The commit that preceded this PR (35f78ed) already added a similar cooldown to the dependabot config (chore), indicating this is an established pattern.

Other factors

No bugs were found. The change is self-contained, touches no code paths, and the intent (reducing PR churn) is clearly explained. The YAML structure is valid and symmetric.

@wochinge wochinge disabled auto-merge April 10, 2026 14:47
@wochinge wochinge merged commit cfbe7a3 into main Apr 10, 2026
35 of 39 checks passed
@wochinge wochinge deleted the codex/add-dependabot-cooldown branch April 10, 2026 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wochinge