chore: improve dependabot configuration (#619)

devcrocod · web-flow · commit 01689cc24818 · 2026-03-26T20:35:04.000+01:00
- Add grouped dependency updates for root Gradle (ktor, kotlinx, kotlin, kotest, testing, infrastructure, gradle-plugins) - Track all sample projects via `directories: /samples/*` with separate PRs for ktor, kotlin, and mcp-kotlin-sdk - Track npm dependencies in integration tests - Group github actions updates into a single PR ## Types of changes - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Documentation update ## Checklist - [x] I have read the [MCP Documentation](https://modelcontextprotocol.io) - [x] My code follows the repository's style guidelines - [x] New and existing tests pass locally - [ ] I have added appropriate error handling - [ ] I have added or updated documentation as needed
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,20 +1,109 @@
-# Configuration options:
-# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#about-the-dependabotyml-file
+# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
+# Configuration: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
 
 version: 2
+
 updates:
+  # Root Gradle project (includes buildSrc)
   - package-ecosystem: "gradle"
     directory: "/"
     schedule:
       interval: "weekly"
+      day: "monday"
+    commit-message:
+      prefix: "chore(deps):"
     labels:
       - "dependencies"
       - "kotlin"
+    open-pull-requests-limit: 10
+    groups:
+      ktor:
+        patterns:
+          - "io.ktor:*"
+      kotlinx:
+        patterns:
+          - "org.jetbrains.kotlinx:*"
+      kotlin:
+        patterns:
+          - "org.jetbrains.kotlin:*"
+      kotest:
+        patterns:
+          - "io.kotest:*"
+      testing:
+        patterns:
+          - "io.mockk:*"
+          - "dev.mokksy:*"
+          - "org.awaitility:*"
+          - "org.junit.jupiter:*"
+      infrastructure:
+        patterns:
+          - "io.netty:*"
+          - "io.github.oshai:*"
+          - "org.slf4j:*"
+      gradle-plugins:
+        patterns:
+          - "dev.detekt"
+          - "org.jetbrains.kotlinx.kover"
+          - "org.jlleitschuh.gradle.ktlint"
+          - "org.jetbrains.kotlinx.knit"
+          - "org.jetbrains.kotlinx.binary-compatibility-validator"
+          - "org.openapi.generator"
+          - "org.jetbrains.dokka:*"
+          - "com.vanniktech:*"
+
+  # Samples (independent Gradle builds)
+  - package-ecosystem: "gradle"
+    directories:
+      - "/samples/*"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    commit-message:
+      prefix: "chore(deps):"
+    labels:
+      - "dependencies"
+      - "kotlin"
+      - "samples"
+    open-pull-requests-limit: 10
+    groups:
+      other-dependencies:
+        patterns:
+          - "*"
+        exclude-patterns:
+          - "io.ktor*"
+          - "org.jetbrains.kotlin*"
+          - "io.modelcontextprotocol*"
+
+  # npm (integration tests)
+  - package-ecosystem: "npm"
+    directory: "/integration-test/src/jvmTest/typescript"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    commit-message:
+      prefix: "chore(deps):"
+    labels:
+      - "dependencies"
+      - "javascript"
+    open-pull-requests-limit: 10
+    groups:
+      all-dependencies:
+        patterns:
+          - "*"
 
+  # GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
+      day: "monday"
+    commit-message:
+      prefix: "chore(deps):"
     labels:
       - "dependencies"
       - "github-actions"
+    open-pull-requests-limit: 10
+    groups:
+      all-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,23 @@
+name: Auto-merge Dependabot
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dependabot/fetch-metadata@v2
+        id: metadata
+
+      - if: >-
+          steps.metadata.outputs.package-ecosystem == 'github_actions' ||
+          steps.metadata.outputs.package-ecosystem == 'npm_and_yarn'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
