Skip to content

Added grouping to Dependabot config yaml #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Breus merged 2 commits into from
Jan 7, 2026
Merged

Added grouping to Dependabot config yaml #92

Breus merged 2 commits into from
Jan 7, 2026
+17 −3

Conversation

@EmielBoss
Copy link
Collaborator

@EmielBoss EmielBoss commented Jan 6, 2026

No description provided.

Copilot AI review requested due to automatic review settings January 6, 2026 19:41
Copilot AI reviewed Jan 6, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds dependency grouping to the Dependabot configuration to consolidate related dependency updates into single pull requests. The changes also update the update interval from weekly to quarterly for all package ecosystems.

  • Added grouping configuration for gradle (backend) and npm (frontend) dependencies, separating production and development dependencies into distinct groups
  • Changed update interval from "weekly" to "quarterly" for all three package ecosystems (github-actions, gradle, npm)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions
Copy link

github-actions bot commented Jan 6, 2026
edited
Loading

Test Results

14 tests  ±0   14 ✅ ±0   4s ⏱️ ±0s
 4 suites ±0    0 💤 ±0 
 4 files   ±0    0 ❌ ±0 

Results for commit 4c0fdf9. ± Comparison against base commit 6d3e6dc.

♻️ This comment has been updated with latest results.

@EmielBoss EmielBoss force-pushed the dependabot-grouping branch from e4b4e3a to ff09a36 Compare January 6, 2026 19:59
@EmielBoss EmielBoss force-pushed the dependabot-grouping branch from ff09a36 to 1f0b46f Compare January 6, 2026 20:00
@EmielBoss EmielBoss requested a review from Copilot January 6, 2026 20:01
Copilot AI reviewed Jan 6, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/dependabot.yml Outdated
Comment on lines 29 to 30
applies-to: version-updates
applies-to: security-updates
Copy link

Copilot AI Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 'applies-to' key is duplicated in this group configuration. In YAML, duplicate keys are not allowed - only the last value will be used. According to Dependabot documentation, 'applies-to' should be a single key with a value, and if you need to specify both version-updates and security-updates, you should use a list format or choose one value. The valid options are: "version-updates" or "security-updates". If you want the group to apply to both, you may need to check the current Dependabot documentation for the correct syntax, as the behavior may vary by version.

Copilot uses AI. Check for mistakes.
@Breus Breus requested a review from Copilot January 7, 2026 20:55
@Breus Breus self-assigned this Jan 7, 2026
@Breus Breus self-requested a review January 7, 2026 20:55
@Breus Breus merged commit 1c488ae into master Jan 7, 2026
7 checks passed
@Breus Breus deleted the dependabot-grouping branch January 7, 2026 20:56
Copilot AI reviewed Jan 7, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/dependabot.yml
Comment on lines +11 to +17
groups:
dependencies-backend-production:
dependency-type: "production"
patterns: ["*"]
dependencies-backend-development:
dependency-type: "development"
patterns: ["*"]
Copy link

Copilot AI Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The wildcard pattern "*" combined with dependency-type filtering will match all dependencies of that type. However, this creates two separate groups that will result in two separate pull requests (one for production dependencies and one for development dependencies). If the intention is to group all dependencies together in a single PR, consider removing the dependency-type filter and using a single group per ecosystem instead.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Breus Breus Breus approved these changes

Assignees

@Breus Breus

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@EmielBoss @Breus