Configure dependabot to ignore pre-release versions and preserve existing ignore rules

[Copilot]

Problem

Dependabot was creating pull requests for pre-release versions like 2.9.10-alpha01 and 1.9.10+dev2806, which are not suitable for production use and create unnecessary noise in the repository. Additionally, during the rebase process, it was discovered that the main branch had additional ignore rules that needed to be preserved.

Solution

Updated the dependabot configuration in .github/dependabot.yml to:

1. Preserve existing ignore rules from the main branch:

   • com.squareup.okhttp3:*
   • org.hisp.dhis.mobile:designsystem:*
   • org.hisp.dhis:android-core:*

2. Add pre-release filtering using GitHub's recommended syntax:

   ignore:
     - dependency-name: "*"
       update-types: ["version-update:semver-prerelease"]

This approach uses the official dependabot update-types syntax instead of problematic version patterns, ensuring compatibility with the Gradle ecosystem and eliminating validation errors.

Benefits

• Uses the official dependabot syntax for pre-release filtering
• Preserves all existing dependency management rules from the main branch
• Eliminates validation errors that occurred with version pattern matching
• Provides more reliable filtering than wildcard patterns
• Reduces noise from unnecessary pre-release version updates
• Maintains focus on stable dependencies while preserving critical ignore rules
• Automatically catches all types of pre-release versions (alpha, dev, beta, rc, snapshot)

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[andresmr]

@copilot dependabot check is failing: Your .github/dependabot.yml contained invalid details can you fix it?

[Copilot]

@copilot dependabot check is failing: Your .github/dependabot.yml contained invalid details can you fix it?

Fixed the dependabot.yml syntax error. The issue was that I was incorrectly combining update-types with dependency-name and versions in the ignore rules. I've simplified the configuration to use the correct syntax with a single ignore rule that combines all the pre-release version patterns.

The fix is in commit bf87079.

[andresmr]

@copilot is still failing: The property '#/updates/0/ignore/1/versions' includes invalid version requirements for a gradle ignore condition

[Copilot]

@copilot is still failing: The property '#/updates/0/ignore/1/versions' includes invalid version requirements for a gradle ignore condition

Fixed the dependabot.yml syntax error. The issue was using invalid versions patterns for Gradle dependencies. I replaced it with update-types: ["version-update:semver-prerelease"] which is the correct way to ignore pre-release versions in dependabot. This approach is more reliable and follows GitHub's recommended syntax.

The fix is in commit 9be12f5.

[andresmr]

@copilot please solve the conflicts

[Copilot]

@copilot please solve the conflicts

Fixed the merge conflicts by removing trailing spaces and ensuring the dependabot.yml uses the correct syntax. The file now uses update-types: ["version-update:semver-prerelease"] which is the proper GitHub-recommended approach for filtering pre-release versions, replacing the problematic versions patterns that were causing validation errors.

The fix is in commit bbb0534.

[andresmr]

@copilot do a rebase onto the main branch and fix the conflicts

[Copilot]

@copilot do a rebase onto the main branch and fix the conflicts

Successfully rebased onto main branch and resolved all merge conflicts. The dependabot.yml now properly combines the existing ignore rules from main with the pre-release filtering using update-types: ["version-update:semver-prerelease"]. The configuration preserves all existing dependency ignore rules while adding proper pre-release version filtering that passes dependabot validation.

Fixed in commit a1ca60d.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud