Skip to content

ci: exempt internal devantler-tech deps from Dependabot cooldown#87

Merged
devantler merged 1 commit into
mainfrom
claude/exempt-internal-deps-cooldown
Jun 5, 2026
Merged

ci: exempt internal devantler-tech deps from Dependabot cooldown#87
devantler merged 1 commit into
mainfrom
claude/exempt-internal-deps-cooldown

Conversation

@devantler

Copy link
Copy Markdown
Contributor

What

Adds exclude: ["devantler-tech/*"] to the Dependabot github-actions cooldown. Per Dependabot's WildcardMatcher, * compiles to .* (anchored, matches across /), so it covers both devantler-tech/actions and reusable-workflow refs like devantler-tech/reusable-workflows/.github/workflows/<file>.yaml.

Also adds exclude: ["github.com/devantler-tech/*"] to the gomod cooldown (future-proofs internal Go modules).

Why

We trust our own code (CI is the gate), so internal devantler-tech/* bumps shouldn't wait in cooldown like third-party deps — they should land immediately.

Companion to devantler-tech/monorepo#1782 (portfolio-wide pass across every repo's Dependabot/Renovate config).

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings June 4, 2026 23:18
@github-actions

github-actions Bot commented Jun 4, 2026

Copy link
Copy Markdown

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 6 0 0 0.32s
✅ ACTION zizmor 6 0 0 0 1.26s
✅ COPYPASTE jscpd yes no no 0.95s
✅ EDITORCONFIG editorconfig-checker 27 0 0 0.03s
✅ GO golangci-lint yes yes no no 20.88s
✅ JSON jsonlint 1 0 0 0.46s
✅ JSON prettier 1 0 0 0 0.7s
✅ JSON v8r 1 0 0 2.42s
✅ MARKDOWN markdownlint 4 0 0 0 1.16s
✅ MARKDOWN markdown-table-formatter 4 0 0 0 0.26s
✅ REPOSITORY checkov yes no no 27.32s
✅ REPOSITORY gitleaks yes no no 0.13s
✅ REPOSITORY git_diff yes no no 0.01s
✅ REPOSITORY grype yes no no 59.11s
✅ REPOSITORY osv-scanner yes no no 2.03s
✅ REPOSITORY secretlint yes no no 1.32s
✅ REPOSITORY syft yes no no 1.93s
✅ REPOSITORY trivy yes no no 10.47s
✅ REPOSITORY trivy-sbom yes no no 0.16s
✅ REPOSITORY trufflehog yes no no 3.44s
✅ SPELL lychee 15 0 0 0.68s
✅ YAML prettier 10 0 0 0 0.69s
✅ YAML v8r 10 0 0 13.04s
✅ YAML yamllint 10 0 0 0.78s

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates Dependabot cooldown configuration to exempt internal devantler-tech dependencies from waiting periods, so first-party GitHub Actions/workflows and Go modules can be updated immediately while third-party deps still respect cooldown.

Changes:

  • Add a cooldown exclude for github.com/devantler-tech/* in the gomod updates config.
  • Add a cooldown exclude for devantler-tech/* in the github-actions updates config.

Comment thread .github/dependabot.yaml
Comment thread .github/dependabot.yaml
@devantler devantler marked this pull request as ready for review June 4, 2026 23:22
@devantler devantler merged commit 44a5dd1 into main Jun 5, 2026
19 checks passed
@devantler devantler deleted the claude/exempt-internal-deps-cooldown branch June 5, 2026 08:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants