Skip to content

Comments

Configure Dependabot to group all updates into one PR per ecosystem#293

Merged
rezwana-karim merged 2 commits intomainfrom
copilot/update-dependabot-config
Feb 22, 2026
Merged

Configure Dependabot to group all updates into one PR per ecosystem#293
rezwana-karim merged 2 commits intomainfrom
copilot/update-dependabot-config

Conversation

Copy link
Contributor

Copilot AI commented Feb 22, 2026
edited
Loading

Dependabot was opening individual PRs per dependency, creating noise. This caps it to one open PR per ecosystem and batches all updates into a single grouped PR.

Changes

  • npm: added open-pull-requests-limit: 1 and groups.all-dependencies matching "*" — all npm updates land in one PR daily
  • github-actions: same pattern with groups.all-actions — all Actions updates land in one PR weekly
  • Existing schedule.interval and directory: "/" values unchanged
groups:
  all-dependencies:
    patterns:
      - "*"
Original prompt

Update .github/dependabot.yml to group dependency updates into a single pull request per package ecosystem (npm and github-actions).

Goal:

  • Configure Dependabot so it opens at most one open pull request per ecosystem and groups all updates within that ecosystem into a single PR.
  • Keep existing schedule intervals (daily for npm, weekly for GitHub Actions) and directory "/".

Change to make (replace the file .github/dependabot.yml with the content below):

version: 2
updates:

Enable version updates for npm

  • package-ecosystem: "npm"

    Look for package.json and lock files in the root directory

    directory: "/"

    Check the npm registry for updates every day (weekdays)

    schedule:
    interval: "daily"

    Limit open PRs for this ecosystem to 1 and group all updates into one PR

    open-pull-requests-limit: 1
    groups:
    all-dependencies:
    patterns:
    - "*"

Enable version updates for GitHub Actions

  • package-ecosystem: "github-actions"

    Workflow files stored in the default location of .github/workflows

    You don't need to specify /.github/workflows for directory. You can use directory: "/".

    directory: "/"
    schedule:
    interval: "weekly"
    open-pull-requests-limit: 1
    groups:
    all-actions:
    patterns:
    - "*"

This pull request was created from Copilot chat.

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

@github-project-automation github-project-automation bot moved this to Backlog in StormCom Feb 22, 2026
@vercel
Copy link

vercel bot commented Feb 22, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
stormcomui Ready Ready Preview, Comment Feb 22, 2026 8:47pm

@rezwana-karim
Update dependabot.yml to group dependency updates per ecosystem
f3cae84 
Co-authored-by: rezwana-karim <126201034+rezwana-karim@users.noreply.github.com>
Copilot AI changed the title [WIP] Update dependabot configuration to group updates Configure Dependabot to group all updates into one PR per ecosystem Feb 22, 2026
Copilot AI requested a review from rezwana-karim February 22, 2026 20:39
@rezwana-karim rezwana-karim marked this pull request as ready for review February 22, 2026 20:48
Copilot AI review requested due to automatic review settings February 22, 2026 20:48
Copilot AI reviewed Feb 22, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR configures Dependabot to batch all dependency updates into a single pull request per package ecosystem, reducing noise from individual PRs. The configuration adds grouping rules for both npm and GitHub Actions ecosystems while preserving existing update schedules (daily for npm, weekly for GitHub Actions).

Changes:

  • Added open-pull-requests-limit: 1 to cap open PRs per ecosystem
  • Configured groups with wildcard pattern "*" to batch all updates together
  • Removed outdated header comments for cleaner configuration

@rezwana-karim rezwana-karim merged commit b202ae6 into main Feb 22, 2026
10 checks passed
@rezwana-karim rezwana-karim deleted the copilot/update-dependabot-config branch February 22, 2026 20:50
@github-project-automation github-project-automation bot moved this from Backlog to Done in StormCom Feb 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rezwana-karim rezwana-karim Awaiting requested review from rezwana-karim

Assignees

@rezwana-karim rezwana-karim

Copilot code review Copilot

Labels

None yet

Projects

StormCom
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rezwana-karim