🌱 Add dependabot for automated dependency updates #6
clubanderson wants to merge 1 commit into main from
Pull request overview
This pull request adds a dependabot configuration file to enable automated dependency updates for GitHub Actions and Docker base images as part of the event readiness initiative for the llm-d ecosystem. The configuration sets up weekly checks for both ecosystems with appropriate labels and commit message prefixes.
Changes:
- Added `.github/dependabot.yml` configuration file
- Configured weekly automated updates for GitHub Actions dependencies
- Configured weekly automated updates for Docker base images
| labels: | ||
| - "dependencies" | ||
| commit-message: | ||
| prefix: "deps(docker)" |
The repository contains a Rust workspace with Cargo.toml and Cargo.lock files, but there is no cargo package ecosystem configured in dependabot. Consider adding a cargo configuration block to monitor Rust dependencies. This would help keep dependencies like serde, clap, tracing, and other workspace dependencies up to date.
| prefix: "deps(docker)" | |
| prefix: "deps(docker)" | |
| # Rust (Cargo) dependency updates | |
| - package-ecosystem: "cargo" | |
| directory: "/" | |
| schedule: | |
| interval: "weekly" | |
| labels: | |
| - "dependencies" | |
| - "release-note-none" | |
| commit-message: | |
| prefix: "deps(cargo)" |
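Review bot: The suggested cargo entry (`- package-ecosystem: "cargo"` through `prefix: "deps(cargo)"`) sets no `groups` and no `open-pull-requests-limit`, so a weekly run opens one pull request per outdated crate until Dependabot's default limit of five open version-update PRs is reached. Consider adding a `groups` rule to batch minor and patch bumps, and setting `open-pull-requests-limit` explicitly so the review load is a deliberate choice.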
| schedule: | ||
| interval: "weekly" | ||
| labels: | ||
| - "dependencies" |
The GitHub Actions ecosystem includes the "release-note-none" label, but the Docker ecosystem does not. For consistency, consider adding the "release-note-none" label to the Docker ecosystem configuration as well, since dependency updates typically don't require release notes.
| - "dependencies" | |
| - "dependencies" | |
| - "release-note-none" |
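Review bot: The added `- "release-note-none"` line only has an effect if that label is already defined in the repository; Dependabot ignores configured labels that do not exist. Confirm the label exists before merging, and keep `- "dependencies"` in the list as shown, because setting `labels` replaces Dependabot's default labels.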
| - package-ecosystem: "docker" | ||
| directory: "/" |
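Review bot: `directory: "/"` on the docker entry names a single location, so a Dockerfile anywhere other than the repository root is not checked by this entry. The `directories` key accepts a list of paths, which avoids repeating the whole block once per Dockerfile location.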
The Docker ecosystem is configured with directory: "/", which will only monitor the Dockerfile at the root level. However, there are additional Dockerfiles in subdirectories (e.g., hca-probe/Dockerfile and hca-probe/docker/Dockerfile). Consider adding separate entries for each directory containing a Dockerfile to ensure all Docker base images are monitored for updates.
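The coverage gaps raised in the review comments above (no cargo entry, Dockerfiles in subdirectories) can be checked mechanically. The following is an added example, not code from this PR or the llm-d project; the function names, the line-based parse of `dependabot.yml`, and the workflow file name `ci.yml` are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Marker file -> Dependabot package-ecosystem (the ecosystems this PR discusses).
# Cargo.lock is used as the marker because it sits at the workspace root.
MARKERS = {"Dockerfile": "docker", "Cargo.lock": "cargo"}
ENTRY = re.compile(r'\s*-?\s*(package-ecosystem|directory):\s*"?([^"#\s]+)"?')

def configured(yaml_text):
    """(ecosystem, directory) pairs declared in dependabot.yml text.
    Line-based scan that assumes package-ecosystem precedes directory in
    each entry; a real tool would load the file with a YAML parser."""
    pairs, eco = set(), None
    for line in yaml_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "package-ecosystem":
            eco = value
        elif eco:
            pairs.add((eco, "/" + value.strip("/")))
    return pairs

def required(paths):
    """(ecosystem, directory) pairs implied by the files in the repository."""
    need = set()
    for p in map(PurePosixPath, paths):
        parent = "/" if str(p.parent) == "." else "/" + str(p.parent)
        if p.name in MARKERS:
            need.add((MARKERS[p.name], parent))
        elif parent == "/.github/workflows" and p.suffix in (".yml", ".yaml"):
            need.add(("github-actions", "/"))  # "/" means .github/workflows
    return need

def missing(yaml_text, paths):
    """Sorted pairs the repository needs but the config does not declare."""
    return sorted(required(paths) - configured(yaml_text))

# Constructed sample: the two ecosystems the PR overview describes, and a file
# list using the paths named in the review (ci.yml is a made-up name).
SAMPLE_CONFIG = '''
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
  - package-ecosystem: "docker"
    directory: "/"
'''
SAMPLE_TREE = ["Dockerfile", "hca-probe/Dockerfile", "hca-probe/docker/Dockerfile",
               "Cargo.toml", "Cargo.lock", ".github/workflows/ci.yml"]
```

Calling `missing(SAMPLE_CONFIG, SAMPLE_TREE)` reports the cargo root and the two `hca-probe` Dockerfile directories; in CI the path list would come from `git ls-files`.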
d483580 to b2d0538
b2d0538 to 2b018d5
🔗 Link Check Results
✅ Summary
| File | Line | Link | Status |
|---|---|---|---|
| docs/upstream-versions.md | 77 | (pypi.org/redacted) | Network restricted (known flaky domain) |
Note: The PyPI link appears to be blocked by network restrictions in the CI environment. This is not a broken link in the markdown files themselves, but a transient network issue. The link is valid and should work when accessed from other environments.
Generated by Link Checker for issue #6
9a4e99f to ad498c7
👋 @smarterclayton @aavarghese PTAL — adds dependabot for automated dependency updates. Ready for review.
👋 @chcost @Gregory-Pereira PTAL — adds dependabot for automated dependency updates. Ready for review.
ad498c7 to e26cdee
Add dependabot configuration (GitHub Actions, Docker for root and subdirectory Dockerfiles, Cargo for Rust dependencies), agentic workflows, Prow integration, and governance files.
Signed-off-by: Andrew Anderson <andy@clubanderson.com>
e26cdee to d5dc1f4
Summary
Adds dependabot.yml for automated dependency updates (GitHub Actions, Docker). Part of event readiness initiative for llm-d ecosystem.
Test plan
/cc @wseaton @zdtsw