diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 27fdc60d..71255cb2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -35,5 +35,3 @@ updates: - dependency-name: "cpp-linter/cpp-linter-action" versions: ">=2.16" open-pull-requests-limit: 50 - cooldown: - default: 4 diff --git a/README.md b/README.md index ab9d66c1..6537fe69 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,6 @@ This repository hosts GitHub Actions developed by the ASF community and approved - [Adding a New Action](#adding-a-new-action-to-the-allow-list) - [Reviewing](#reviewing) - [Adding a New Version](#adding-a-new-version-to-the-allow-list) - - [Dependabot Cooldown Period](#dependabot-cooldown-period) - [Manual Version Addition](#manual-addition-of-specific-versions) - [Removing a Version](#removing-a-version-manually) 
@@ -144,23 +143,6 @@ This will: > **Prerequisites:** `docker`, `uv`, and `gh` (GitHub CLI, authenticated via `gh auth login`). > The build runs in a `node:20-slim` container so no local Node.js installation is needed. -#### Dependabot Cooldown Period - -This repository uses a [Dependabot cooldown period](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#cooldown) of 4 days. After a Dependabot PR is merged or closed, Dependabot will wait 4 days before opening the next PR for the same ecosystem. This helps keep the volume of update PRs manageable and gives reviewers time to catch up. - -> [!TIP] -> We recommend that ASF projects configure a similar cooldown in their own `dependabot.yml` to avoid being overwhelmed by update PRs and to catch up with approved actions here: -> ```yaml -> updates: -> - package-ecosystem: "github-actions" -> directory: "/" -> schedule: -> interval: "weekly" -> cooldown: -> default: 4 -> ``` -> Adjust the `default` value (in days) to match your project's review capacity. - ### Manual Addition of Specific Versions If you need to add a specific version of an already approved action (especially an older one):
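Review bot: In the `.github/dependabot.yml` hunk, the `cooldown:` / `default: 4` pair is deleted from the `updates` entry while `open-pull-requests-limit: 50` stays, and nothing visible in the patch says why. The README text removed in the same patch justified the cooldown as keeping the volume of update PRs manageable and giving reviewers time to catch up, so please state the reason for dropping it (in the commit message or as a comment next to `open-pull-requests-limit`) and confirm that a limit of 50 open PRs is still what reviewers want without it. Only one entry is visible in this hunk; if other entries in the file carry their own `cooldown` block, they should be handled in the same change.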
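Review bot: In the README.md hunk at `@@ -144,23 +143,6 @@`, the removed `[!TIP]` block is the only visible place that told other ASF projects to set `cooldown:` / `default: 4` in their own `dependabot.yml`, and it is deleted with no replacement text, so projects that copied it get no signal that the recommendation was withdrawn. Suggest keeping one sentence under "Adding a New Version" that says this repository no longer uses a cooldown and whether downstream projects should keep or remove theirs. The table-of-contents hunk drops the `#dependabot-cooldown-period` link consistently with the section removal; please also search the rest of the repository for that anchor, since only the README table of contents is visible here.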