Merge pull request #106 from oceanbase/hotfix/develop-target-updates

chore: retarget dependabot updates to develop

Author: webup

.github/dependabot.yml

@@ -6,6 +6,7 @@ updates:
   # Python dependencies (weekly)
   - package-ecosystem: "pip"
     directory: "/"
+    target-branch: "develop"
     schedule:
       interval: "weekly"
       day: "monday"
@@ -37,6 +38,7 @@ updates:
   # GitHub Actions (monthly)
   - package-ecosystem: "github-actions"
     directory: "/"
+    target-branch: "develop"
     schedule:
       interval: "monthly"
     open-pull-requests-limit: 5

CONTRIBUTING.md

@@ -109,7 +109,8 @@ git push origin feature/onboard-docker-compose
 - `feature/*`, `bugfix/*`, `chore/*`, `docs/*`, `refactor/*`, `test/*` -> `develop`
 - `release/*` -> `main`
 - `hotfix/*` -> `main`, then back-merge to `develop`
-- Dependabot PRs may continue to target `main` until `develop` is fully reconciled with the current `main` history
+- Dependabot version updates target `develop`
+- Dependabot security updates still follow the GitHub default branch until a repo admin switches the default branch from `main` to `develop`
 
 Include:
 - Problem you're solving

README.md

@@ -419,6 +419,7 @@ make lint    # ruff check + mypy
 See `CONTRIBUTING.md` for detailed developer setup and the PR process. When submitting a PR, please:
 - Target `develop` for regular work (`feature/*`, `bugfix/*`, `chore/*`, `docs/*`, `refactor/*`, `test/*`)
 - Use `release/*` or `hotfix/*` as the normal PR sources into `main`
-- Expect Dependabot maintenance PRs to continue targeting `main` until `develop` is fully reconciled
+- Dependabot version updates now target `develop`
+- Dependabot security updates still follow the GitHub default branch until a repo admin switches the default branch from `main` to `develop`
 - Reference the issue (e.g., `Closes #43`) in the PR body
 - Run linters and tests locally