Set package ecosystem to 'gradle' in dependabot config #2671
Code Review
This pull request introduces a Dependabot configuration file to automate dependency updates for the Gradle ecosystem. The review suggests increasing the open pull request limit, grouping dependencies to reduce noise, and adding the github-actions ecosystem to ensure CI workflows remain secure.
| updates: | ||
| - package-ecosystem: "gradle" # See documentation for possible values | ||
| directory: "/" # Location of package manifests | ||
| schedule: | ||
| interval: "weekly" |
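Review bot: The trailing comments on the package-ecosystem and directory lines ("# See documentation for possible values", "# Location of package manifests") read as leftovers from the generated template. With the ecosystem now set to "gradle" they no longer tell the reader anything about this repository. Drop them, or replace them with a note on why the root directory is the right manifest location here.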
For a project with a significant number of dependencies (as seen in gradle/libs.versions.toml), the default open-pull-requests-limit of 5 can lead to stalled updates if multiple dependencies are outdated. Increasing this limit and using groups to bundle updates will improve maintainability by reducing pull request noise. Additionally, including the github-actions ecosystem is a best practice for keeping CI workflows secure and up to date.
```yaml
updates:
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
    groups:
      gradle-dependencies:
        patterns:
          - "*"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```
No description provided.