Conversation
|
This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: AEA-0000 |
There was a problem hiding this comment.
Pull request overview
Adds automation controls to reduce Dependabot PR churn and introduces a scheduled workflow to update the devcontainer version via a reusable workflow.
Changes:
- Add a Dependabot
cooldownconfiguration (3 days) across pip, GitHub Actions, and npm update configurations. - Add a new scheduled/manual GitHub Actions workflow to update the devcontainer version using
eps-common-workflows.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/update_dev_container_version.yml | Adds a scheduled + manual workflow that calls a reusable workflow to update the devcontainer version. |
| .github/dependabot.yml | Introduces a 3-day cooldown to slow down Dependabot update PR creation across ecosystems. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| contents: read | ||
| packages: read | ||
| pull-requests: write |
There was a problem hiding this comment.
In this workflow the permissions mapping entries are indented more deeply than the rest of the job fields (e.g., contents, packages, pull-requests have 8 spaces). Other workflows in this repo consistently indent permission entries by two spaces under permissions:; aligning indentation improves consistency and avoids YAML-lint/actionlint edge cases.
| contents: read | |
| packages: read | |
| pull-requests: write | |
| contents: read | |
| packages: read | |
| pull-requests: write |
|
Summary
Details