Skip to content

Trigger sync back script automatically #3140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 24, 2025
Merged

Trigger sync back script automatically #3140

merged 2 commits into from
Sep 24, 2025

Conversation

henrymercer
Copy link
Contributor

Also enable Dependabot updates for the other directories in .github/actions.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@henrymercer henrymercer requested a review from a team as a code owner September 23, 2025 13:00
@Copilot Copilot AI review requested due to automatic review settings September 23, 2025 13:00
Copilot
Copilot AI reviewed Sep 23, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR streamlines the Dependabot configuration by consolidating GitHub Actions monitoring into a single entry that covers multiple directories, and automatically adds the "Rebuild" label to GitHub Actions updates to trigger the sync back script.

  • Consolidates two separate GitHub Actions package ecosystem entries into one with multiple directories
  • Adds automatic "Rebuild" label to GitHub Actions updates to trigger sync back automation
  • Simplifies the configuration by removing the separate setup-swift specific entry

.github/dependabot.yml
Comment on lines +23 to +25
directories:
- "/"
- "/.github/actions" # All subdirectories outside of "/.github/workflows" must be explicitly included.
Copy link
Preview

Copilot AI Sep 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The directories field is not a valid Dependabot configuration option for GitHub Actions. The correct field name is directory (singular), and it only accepts a single directory path, not an array. To monitor multiple directories, you need separate package-ecosystem entries.

Copilot uses AI. Check for mistakes.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I vaguely remember that this is/was the case for github-actions as Copilot says, but I can't find any documentation which confirms this. I am happy to approve and merge this, which should trigger a validation of the dependabot.yml file. If it doesn't work, then we can easily patch it up afterwards.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#directories-or-directory-- — perhaps after the LLM cutoff?

mbg
mbg approved these changes Sep 24, 2025
View reviewed changes
.github/dependabot.yml
Comment on lines +23 to +25
directories:
- "/"
- "/.github/actions" # All subdirectories outside of "/.github/workflows" must be explicitly included.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I vaguely remember that this is/was the case for github-actions as Copilot says, but I can't find any documentation which confirms this. I am happy to approve and merge this, which should trigger a validation of the dependabot.yml file. If it doesn't work, then we can easily patch it up afterwards.

@henrymercer henrymercer merged commit 0890b56 into main Sep 24, 2025
399 of 418 checks passed
@henrymercer henrymercer deleted the henrymercer/dependabot-rebuild-actions branch September 24, 2025 10:11
@henrymercer henrymercer mentioned this pull request Sep 24, 2025
Merged
@github-actions github-actions bot mentioned this pull request Sep 25, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@henrymercer @mbg