Skip to content

chore: add Dependabot baseline #402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
liujuanjuan1984 merged 1 commit into from
Apr 9, 2026
Merged

chore: add Dependabot baseline #402

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
version: 2

updates:
- package-ecosystem: "uv"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 5
commit-message:
prefix: "deps"
labels:
- "dependencies"
groups:
uv-minor-and-patch:
patterns:
- "*"
update-types:
- "minor"
- "patch"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 3
commit-message:
prefix: "deps"
labels:
- "dependencies"
groups:
github-actions:
patterns:
- "*"
1 change: 1 addition & 0 deletions scripts/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,5 @@ Executable scripts live in this directory. This file is the entry index for the
## Notes

- `doctor.sh` and `dependency_health.sh` intentionally remain separate entrypoints and share common prerequisites through [`health_common.sh`](./health_common.sh).
- [`.github/dependabot.yml`](../.github/dependabot.yml) enables weekly Dependabot version updates for `uv` and GitHub Actions with grouped low-risk updates, while `dependency_health.sh` remains the explicit review/audit entrypoint.
- External conformance experiments remain intentionally separate from the default regression path. See [`../docs/conformance.md`](../docs/conformance.md).
10 changes: 10 additions & 0 deletions tests/scripts/test_script_health_contract.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
COVERAGE_GATE_TEXT = Path("scripts/check_coverage.py").read_text()
SCRIPTS_INDEX_TEXT = Path("scripts/README.md").read_text()
PYPROJECT_TEXT = Path("pyproject.toml").read_text()
DEPENDABOT_TEXT = Path(".github/dependabot.yml").read_text()


def test_shared_repo_health_prerequisites_live_in_common_helper() -> None:
Expand Down Expand Up @@ -45,6 +46,15 @@ def test_scripts_index_documents_split_health_entrypoints() -> None:
assert "external A2A conformance experiment entrypoint" in SCRIPTS_INDEX_TEXT
assert "dependency review entrypoint" in SCRIPTS_INDEX_TEXT
assert "health_common.sh" in SCRIPTS_INDEX_TEXT
assert "weekly Dependabot version updates" in SCRIPTS_INDEX_TEXT


def test_dependabot_configuration_covers_uv_and_github_actions() -> None:
assert 'package-ecosystem: "uv"' in DEPENDABOT_TEXT
assert 'package-ecosystem: "github-actions"' in DEPENDABOT_TEXT
assert "open-pull-requests-limit: 5" in DEPENDABOT_TEXT
assert "open-pull-requests-limit: 3" in DEPENDABOT_TEXT
assert "uv-minor-and-patch" in DEPENDABOT_TEXT


def test_conformance_script_keeps_external_experiment_scope() -> None:
Expand Down