Skip to content

chore: adopt canonical Dependabot config#15

Merged
Goosterhof merged 1 commit into
mainfrom
chore/adopt-dependabot
Jul 11, 2026
Merged

chore: adopt canonical Dependabot config#15
Goosterhof merged 1 commit into
mainfrom
chore/adopt-dependabot

Conversation

@Goosterhof

Copy link
Copy Markdown
Collaborator

Adopts the canonical war-room Dependabot config (fleet standard) — this package had none.

  • composer (weekly, Mon 06:00 Europe/Amsterdam) — dev-tooling group (pest/phpstan/larastan/pint/orchestra, minor+patch); illuminate/* runtime deps left ungrouped so a Laravel-compat bump lands as a solo, reviewed PR (the ^11–13 range is the library's load-bearing contract).
  • github-actions (weekly) — keeps ci.yml / release.yml action pins current.
  • target-branch: main (published package, default main).

Pairs with the security toggles enabled fleet-wide today (Dependabot alerts + secret scanning are now on for this repo).

🤖 Canonical-settings fleet convergence 2026-07-11.

Weekly composer + github-actions updates (fleet standard). dev-tooling
grouped minor/patch; illuminate/* left ungrouped for reviewed Laravel-compat PRs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013vsciK78JH2yDG1gGBCFKu
@Goosterhof Goosterhof added the Agent Review Requested Requesting review of specialized AI review agents. label Jul 11, 2026
@jasperboerhof

Copy link
Copy Markdown
Contributor

Town Crier Review · 10/10 · PASS · 🔎 Independent

kendo-error-tracker #15 · AC anchor: PR description (no reachable board — task, no key/AC) · head b00f29631a · via the town-crier bus (request #564)

Tip

Config-only PR adding .github/dependabot.yml; reviewed the config DEEP against the actual repo layout — composer.json at root (directory / correct), no package.json anywhere (composer-only comment accurate), workflows present (github-actions ecosystem valid), and every dev-tooling group pattern (pestphp/phpstan/pint/orchestra) maps to a real require-dev entry with illuminate/* correctly left ungrouped per the stated contract. The only smell, redundant target-branch: main (== default branch), is harmless — GitHub's docs confirm the target-branch security-update disabling applies only to a NON-default branch, so security updates still fire; inline comments all verify against the tree and CI is green.

No findings — clean against the review checklist.

@jasperboerhof jasperboerhof left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved — Town Crier verdict PASS @Head, CI green, no open MAJOR+ thread. Our approval is our independent vote (approve-alongside): a peer's review / CHANGES_REQUESTED never withholds it — we verify every blocker ourselves, and a real one drops our own verdict below PASS. Any open 🟡 MINOR threads alongside this approval are non-blocking (TC-0036 R4) — author's choice: fold here or follow-up; if folding into this PR, say so in-thread and disarm auto-merge. See the verdict comment + inline notes.

@Goosterhof Goosterhof merged commit 0c43653 into main Jul 11, 2026
3 checks passed
@Goosterhof Goosterhof deleted the chore/adopt-dependabot branch July 11, 2026 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Agent Review Requested Requesting review of specialized AI review agents.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants