Chore: [AEA-0000] - Dependabot cooldown#487
Conversation
|
This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: AEA-0000 |
There was a problem hiding this comment.
Pull request overview
This PR introduces a Dependabot “cooldown” configuration to slow the cadence of update PRs, and also adds a scheduled GitHub Actions workflow to update the repo’s devcontainer version via a reusable workflow.
Changes:
- Add
cooldown.default-days: 3to each configured Dependabot update ecosystem. - Add a scheduled/manual workflow to run
update-dev-container-versionfromNHSDigital/eps-common-workflows.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
.github/workflows/update_dev_container_version.yml |
Adds a scheduled workflow that calls a reusable workflow to update the devcontainer version. |
.github/dependabot.yml |
Adds a 3-day cooldown to Dependabot update configurations. |
Comments suppressed due to low confidence (1)
.github/dependabot.yml:74
- This file ends with a whitespace-only line. Please remove the trailing whitespace/blank line so the YAML stays clean and avoids lint/formatting noise in future diffs.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| name: Update Devcontainer Version | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| schedule: | ||
| - cron: "0 18 * * 4" |
There was a problem hiding this comment.
The PR description mentions only adding a Dependabot cooldown, but this workflow file is also introduced. Please either update the PR description to include the devcontainer update workflow, or move this workflow change into its own PR to keep scope clear.
| - cron: "0 18 * * 4" | ||
|
|
||
| jobs: | ||
| update_devcontainer_version: |
There was a problem hiding this comment.
This repo pins NHSDigital/eps-common-workflows reusable workflows to the same commit SHA elsewhere, but this new workflow uses a different SHA. To avoid inconsistent behavior and simplify future upgrades, align this to the same pinned SHA used in the other workflow calls (or document why this workflow needs a different revision).
| update_devcontainer_version: | |
| update_devcontainer_version: | |
| # Intentionally pinned to this specific revision of eps-common-workflows; this SHA may | |
| # differ from other workflow calls in this repo because devcontainer updates rely on | |
| # behavior introduced in this version. |
|
Summary
Details