ci: bump Dependabot bundler cadence to daily and route Ruby reviews#528
Open
mokagio wants to merge 2 commits into
Open
ci: bump Dependabot bundler cadence to daily and route Ruby reviews#528mokagio wants to merge 2 commits into
mokagio wants to merge 2 commits into
Conversation
Bundler updates move from weekly to daily with minor/patch grouping and a PR cap, per the dependabot-bootstrap campaign (AINFRA-2437). CODEOWNERS routes the Apps Infra surface (dependency files, CI config, toolchain pins) to apps-infra-tooling, replacing the retired dependabot.yml reviewers key. --- Generated with the help of Claude Code, https://code.claude.com Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
github-actions
Bot
added
the
[Type] Build Tooling
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates repository automation governance by increasing Dependabot’s Bundler check cadence and routing reviews for dependency/CI/toolchain surface changes to the Apps Infra Tooling team via CODEOWNERS.
Changes:
- Change Bundler Dependabot update interval from weekly to daily, and group minor/patch Ruby updates.
- Add
.github/CODEOWNERSto request review from@wordpress-mobile/apps-infra-toolingfor Ruby dependency, CI/automation, and toolchain pin paths.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
.github/dependabot.yml |
Sets Bundler updates to run daily, groups minor/patch updates, and limits open PRs. |
.github/CODEOWNERS |
Establishes path-based review ownership for dependency manifests, CI config, and toolchain pins. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
XCFramework BuildThis PR's XCFramework is available for testing. Add the following to your .package(url: "https://github.com/wordpress-mobile/GutenbergKit", branch: "pr-build/528")Built from 367f328 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates Dependabot to check Ruby dependencies daily so we can more easily address security updates. See AINFRA-2437.
Also routes review of the Apps Infra surface (dependency manifests, CI config, toolchain pins) to @wordpress-mobile/apps-infra-tooling via CODEOWNERS — GitHub retired the dependabot.yml
reviewerskey, and CODEOWNERS is its designated replacement. The routing is path-based, so it applies to any PR touching those files, not just Dependabot's; deliberate, since no source-scoped alternative exists.Posted by Claude Code (Fable 5) on behalf of @mokagio.