Conversation
There was a problem hiding this comment.
Pull request overview
Updates Dependabot configuration to better control Gradle dependency update behavior and group selected SDK updates into a single PR stream targeting develop.
Changes:
- Adds broader Gradle ignore rules plus additional explicitly ignored DHIS2-related dependencies.
- Introduces a Dependabot group intended to group
org.hisp.dhis:android-coreupdates together (patch/minor/major). - Keeps weekly GitHub Actions updates with unchanged PR limit.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Allow security updates for all dependencies | ||
| - dependency-name: "*" | ||
| update-types: ["version-update:semver-major", "version-update:semver-minor"] | ||
| # But allow security updates even for major/minor | ||
| except: | ||
| - update-types: ["version-update:semver:security"] |
There was a problem hiding this comment.
The ignore entry adds an except: block, but except is not a valid key in Dependabot’s ignore configuration. Additionally, version-update:semver:security is not a valid update-types value. This will likely cause Dependabot to reject the config. If the goal is to ensure security updates still open, note that Dependabot security updates are handled separately and generally aren’t affected by ignore; remove except and keep only supported update-types entries (or restructure using a separate update config).
| # Allow security updates for all dependencies | |
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major", "version-update:semver-minor"] | |
| # But allow security updates even for major/minor | |
| except: | |
| - update-types: ["version-update:semver:security"] | |
| # Ignore non-security major/minor updates for all dependencies. | |
| # Dependabot security updates are handled separately and will still be opened. | |
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major", "version-update:semver-minor"] |
| groups: | ||
| gradle-updates: | ||
| dhis2-android-core: | ||
| patterns: | ||
| - "*" # Group all Gradle updates into one PR | ||
| - "org.hisp.dhis:android-core" | ||
| update-types: | ||
| - "patch" # Only include patch updates (no major or minor versions) | ||
| - "patch" | ||
| - "minor" | ||
| - "major" |
There was a problem hiding this comment.
The global ignore rule for dependency-name: "*" ignoring semver-major/minor will also apply to org.hisp.dhis:android-core, so the dhis2-android-core group’s minor/major update-types won’t ever be proposed. If you want to allow minor/major updates only for android-core while keeping the rest patch-only, consider adding a second updates: entry for Gradle that allows just org.hisp.dhis:android-core (with its group settings), and keep the global ignore in the other entry.
|
1 participant
Description
Group SDK updates