Dependabot/gh-actions: move to bi-weekly schedule #2668

Merged: GaryJones merged 1 commit into develop from feature/dependabot-every-two-weeks on Dec 15, 2025

@jrfnl jrfnl commented Dec 8, 2025

Description

👉 Important: this is for version updates only, not for security updates, which are handled separately and don't depend on this configuration.


PR #2621 updated the GitHub Actions workflows used in this repo to use "pinned" versions for external action runners to improve workflow security.

The net result of this is that Dependabot now sends PRs to all repos I (co-)maintain on a weekly basis for most repos. As the default day for the "weekly" interval is Monday and most repos don't change this, it means that Dependabot has a huge queue on Mondays and that PRs come in bit by bit throughout the day and even spill over into Tuesday.

This constant stream of low level/easy PRs to merge is disruptive and time-consuming, especially as I can't just go through them all in one go.

As these updates are rarely time-sensitive, it should be fine to receive them less frequently.

This commit tries to make it so by changing the Dependabot schedule for GitHub Actions to once every two weeks and late in the day when the queue should be mostly empty (as long as it's not a Monday), which should mean that if I apply this same change to all repos I am involved with, all these Dependabot PRs should come in around the same time.

Suggested changelog entry

N/A

Additional Context

As per the description, this is mostly a quality of life improvement for me as currently I can't seem to get any work done anymore on any given Monday.

@rodrigoprimo rodrigoprimo self-requested a review December 8, 2025 17:16
@jrfnl jrfnl requested a review from GaryJones December 15, 2025 12:49
@GaryJones GaryJones merged commit a94350c into develop Dec 15, 2025
42 checks passed
@GaryJones GaryJones deleted the feature/dependabot-every-two-weeks branch December 15, 2025 12:58
@jrfnl jrfnl modified the milestones: 3.3.x, 3.4.0 Feb 24, 2026