Skip to content

Chore: [AEA-0000] - Depenadabot cooldown #2909

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
anthony-nhs merged 6 commits into from
Mar 27, 2026
Merged

Chore: [AEA-0000] - Depenadabot cooldown #2909

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e104350
workflow to update dev container
anthony-nhs Mar 25, 2026
45aa0b1
dependabot cooldown
anthony-nhs Mar 25, 2026
cc2b8a5
fix indent
anthony-nhs Mar 25, 2026
6a4e404
Merge branch 'workflow_to_update_dev_container' into depenadabot_cool…
anthony-nhs Mar 25, 2026
0dc072e
Merge remote-tracking branch 'origin/main' into depenadabot_cooldown
anthony-nhs Mar 27, 2026
2f179e9
update
anthony-nhs Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ updates:
open-pull-requests-limit: 20
commit-message:
prefix: "Upgrade: [dependabot] - "
cooldown:
default-days: 3
Comment on lines +26 to +27
Copy link

Copilot AI Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cooldown / default-days is not part of the standard Dependabot v2 configuration keys (keys are validated by GitHub). If this field isn't supported in your GitHub org/instance, it will cause Dependabot to reject the entire config and stop creating update PRs. Please verify support for cooldown or replace with an officially supported mechanism (e.g., adjust schedule, use groups, or rely on open-pull-requests-limit).

Copilot uses AI. Check for mistakes.
- package-ecosystem: "github-actions"
# Workflow files stored in the
# default location of `.github/workflows`
Expand All @@ -34,6 +36,8 @@ updates:
open-pull-requests-limit: 20
commit-message:
prefix: "Upgrade: [dependabot] - "
cooldown:
default-days: 3
Comment on lines +39 to +40
Copy link

Copilot AI Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cooldown / default-days is not part of the standard Dependabot v2 configuration keys (keys are validated by GitHub). If this field isn't supported in your GitHub org/instance, it will cause Dependabot to reject the entire config and stop creating update PRs. Please verify support for cooldown or replace with an officially supported mechanism (e.g., adjust schedule, use groups, or rely on open-pull-requests-limit).

Copilot uses AI. Check for mistakes.

###################################
# NPM workspace ##################
Expand All @@ -50,3 +54,5 @@ updates:
prefix: "Upgrade: [dependabot] - "
registries:
- npm-github
cooldown:
default-days: 3
Comment on lines +57 to +58
Copy link

Copilot AI Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cooldown / default-days is not part of the standard Dependabot v2 configuration keys (keys are validated by GitHub). If this field isn't supported in your GitHub org/instance, it will cause Dependabot to reject the entire config and stop creating update PRs. Please verify support for cooldown or replace with an officially supported mechanism (e.g., adjust schedule, use groups, or rely on open-pull-requests-limit).

Copilot uses AI. Check for mistakes.
19 changes: 19 additions & 0 deletions .github/workflows/update_dev_container_version.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
name: Update Devcontainer Version

on:
workflow_dispatch:
schedule:
- cron: "0 18 * * 4"

jobs:
update_devcontainer_version:
uses: NHSDigital/eps-common-workflows/.github/workflows/update-dev-container-version.yml@d2a4595b1bfa59f04c7cecb080a126321d42a333
Copy link

Copilot AI Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description/title focuses on Dependabot cooldown, but this PR also introduces a new scheduled workflow for updating the devcontainer version. Please either update the PR description to include this scope, or split the workflow addition into a separate PR so the change is easier to review and audit.

Copilot uses AI. Check for mistakes.
permissions:
contents: read
packages: read
pull-requests: write
Copy link

Copilot AI Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The permissions keys are indented more deeply than the rest of the job fields, which is inconsistent with other workflows in this repo (e.g. .github/workflows/pull_request.yml). Please align the indentation to the standard 2-space steps under permissions: to keep YAML formatting consistent and avoid future merge/lint issues.

Suggested change
contents: read
packages: read
pull-requests: write
contents: read
packages: read
pull-requests: write

Copilot uses AI. Check for mistakes.
with:
base_branch: main
secrets:
AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
Loading