fix: rewrite dependabot.yml to remove unsupported YAML aliases#576
fix: rewrite dependabot.yml to remove unsupported YAML aliases#576aurelianware merged 1 commit intomainfrom
Conversation
Dependabot does not support YAML anchors/aliases (&/*), causing the config validation check to fail on every PR. Rewrote the file using the `directories` (plural) feature to consolidate 27 individual NuGet service entries into one and 4 engine entries into one. Also added 7 missing projects (claims-scrubbing-service, shared Infrastructure, and 5 engines). Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
There was a problem hiding this comment.
Pull request overview
Rewrites .github/dependabot.yml to remove unsupported YAML anchors/aliases and consolidates repeated NuGet update configs by using shared configuration across multiple directories, while also adding several missing project paths.
Changes:
- Replaced YAML anchors/aliases with explicit fields so Dependabot can parse the config.
- Consolidated many NuGet update entries into two entries (services + engines) using a shared directory list.
- Added missing service/engine project directories to Dependabot coverage.
| directories: | ||
| - "/src/services/appeals-service" | ||
| - "/src/services/ar-service" | ||
| - "/src/services/attachment-service" | ||
| - "/src/services/authorization-service" | ||
| - "/src/services/benefit-plan-service" | ||
| - "/src/services/capitation-service" | ||
| - "/src/services/CHO.TerminologyService" | ||
| - "/src/services/claims-scrubbing-service" | ||
| - "/src/services/claims-service" | ||
| - "/src/services/CloudHealthOffice.PricingApi" | ||
| - "/src/services/coverage-service" | ||
| - "/src/services/eligibility-service" | ||
| - "/src/services/encounter-service" | ||
| - "/src/services/enrollment-import-service" | ||
| - "/src/services/ffs-service" | ||
| - "/src/services/fhir-service" | ||
| - "/src/services/member-service" | ||
| - "/src/services/payment-service" | ||
| - "/src/services/premium-billing-service" | ||
| - "/src/services/provider-contracts-service" | ||
| - "/src/services/provider-service" | ||
| - "/src/services/reference-data-service" | ||
| - "/src/services/rfai-service" | ||
| - "/src/services/risk-adjustment-service" | ||
| - "/src/services/smart-auth-service" | ||
| - "/src/services/sponsor-service" | ||
| - "/src/services/tenant-service" | ||
| - "/src/services/trading-partner-service" | ||
| - "/src/services/shared/CloudHealthOffice.Infrastructure" |
There was a problem hiding this comment.
With a single NuGet update entry covering many service directories, open-pull-requests-limit: 10 becomes a shared cap across all of them (previously it was effectively per-service). This can significantly throttle update throughput and delay patch/minor updates across the fleet. Consider increasing the limit further, or splitting into multiple update entries (e.g., by service category/team) to keep Dependabot’s PR flow comparable to the prior per-directory configuration.
| time: "02:00" | ||
| open-pull-requests-limit: 5 | ||
| reviewers: &dotnet-reviewers | ||
| open-pull-requests-limit: 10 |
There was a problem hiding this comment.
With a single NuGet update entry covering many service directories, open-pull-requests-limit: 10 becomes a shared cap across all of them (previously it was effectively per-service). This can significantly throttle update throughput and delay patch/minor updates across the fleet. Consider increasing the limit further, or splitting into multiple update entries (e.g., by service category/team) to keep Dependabot’s PR flow comparable to the prior per-directory configuration.
| open-pull-requests-limit: 10 | |
| open-pull-requests-limit: 50 |
| labels: | ||
| - "dependencies" | ||
| - "dotnet" |
There was a problem hiding this comment.
Consolidating services into one NuGet entry removes the ability to apply directory-specific labels. In the previous config, at least CloudHealthOffice.PricingApi had an additional label (pricing-api), which may be relied on for routing/automation. If that label is still needed, keep a separate update entry for that directory (or any other special-case services) so labels remain accurate.
Summary
dependabot.ymlbecause it uses YAML anchors/aliases (&/*), which are not supporteddirectories(plural) to consolidate 27 NuGet service entries → 1 and 4 engine entries → 1, reducing the file from 476 to 170 linesclaims-scrubbing-service,CloudHealthOffice.Infrastructure, and 5 engines (BenefitEngine,ClaimsScrubEngine,EncounterEngine,FeeScheduleEngine,OperatingMode)Test plan
.github/dependabot.ymlcheck passes (was failing on every PR, e.g. chore(deps): bump docker/metadata-action from 5 to 6 #517)🤖 Generated with Claude Code