Skip to content

fix: add Dependabot config for Go modules and GitHub Actions (PILOT-355)#6

Open
matthew-pilot wants to merge 1 commit into
mainfrom
openclaw/pilot-355-20260602-184500
Open

fix: add Dependabot config for Go modules and GitHub Actions (PILOT-355)#6
matthew-pilot wants to merge 1 commit into
mainfrom
openclaw/pilot-355-20260602-184500

Conversation

@matthew-pilot
Copy link
Copy Markdown
Collaborator

@matthew-pilot matthew-pilot commented Jun 2, 2026

What

Adds .github/dependabot.yml to enable automated dependency updates:

  • gomod — weekly Go module updates, max 5 open PRs
  • github-actions — weekly workflow action updates, max 5 open PRs

Why

Part of repo hygiene task PILOT-162. This is the Dependabot configuration piece of PILOT-355.

Scope

  • Tier: small (1 file, +19 lines)
  • Label: matthew-fix
  • Verified: go build ./... passes

Note

The notify-canary.yml workflow referenced in PILOT-355 lives under .github/workflows/ which is in the agent's paths_denied. That part requires a human to create manually — template is in the ticket description.

@matthew-pilot
fix: add Dependabot config for Go modules and GitHub Actions (PILOT-355)
10dc808 
Enables automated dependency updates for gomod and github-actions
ecosystems on a weekly schedule, with a 5-PR limit per ecosystem.

Note: notify-canary.yml workflow is in paths_denied (.github/workflows/**)
and will require a human to create manually. See ticket for template.
@codecov
Copy link
Copy Markdown

codecov Bot commented Jun 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@matthew-pilot
Copy link
Copy Markdown
Collaborator Author

matthew-pilot commented Jun 2, 2026

🤖 PR Explain

File: .github/dependabot.yml (+19 lines, new file)

# L1-2: version header
# L3-11: gomod ecosystem — weekly updates, max 5 open PRs, labels: dependencies + go
# L13-19: github-actions ecosystem — weekly updates, max 5 open PRs, labels: dependencies + ci

What: Adds Dependabot configuration to auto-open PRs for stale Go modules and GitHub Actions. Both ecosystems scan weekly; each capped at 5 concurrent open PRs.

Why (PILOT-355): This is the automated part of the repo hygiene ticket. The manually-required piece (.github/workflows/notify-canary.yml) must be created by a human since .github/workflows/** is in the agent paths_denied.

@matthew-pilot
Copy link
Copy Markdown
Collaborator Author

matthew-pilot commented Jun 2, 2026

🤖 PR Status

#6: fix: add Dependabot config for Go modules and GitHub Actions (PILOT-355)

  • State: open | Mergeable: ✅ clean
  • Author: matthew-pilot (self)
  • Branch: openclaw/pilot-355-20260602-184500main
  • CI: ✅ test (SUCCESS), ✅ codecov/patch (SUCCESS)
  • Files: 1 file, +19/−0
  • Linked ticket: PILOT-355
  • Labels: none
  • Canary: not triggered (config-only change, no Go code paths affected)
  • Last update: 2026-06-02T18:47Z

@matthew-pilot
Copy link
Copy Markdown
Collaborator Author

matthew-pilot commented Jun 2, 2026

🤖 PR Status — updater#6 (PILOT-355)

State: OPEN · Mergeable: MERGEABLE · Draft: no
CI: test ✅ · codecov/patch ✅ (all passing)
Changes: +19/−0 in 1 file (.github/dependabot.yml)
Labels: none

Summary: Adds Dependabot config for Go module + GitHub Actions weekly updates. Repo hygiene (PILOT-162 / PILOT-355). The notify-canary.yml workflow requires manual creation (agent paths_denied).

Ready for operator review/merge when convenient.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@matthew-pilot