🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown #11
+14
−30
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull request overview
This PR updates GitHub Actions workflows to pin actions to specific commit SHAs and adjusts Dependabot’s configuration to run daily with a 7‑day cooldown for GitHub Actions updates.
Changes:
- Pin
actions/checkoutandsuper-linter/super-linterin the linter workflow to specific commit SHAs with version comments. - Pin
actions/checkoutandPSModule/Auto-Releasein the auto-release workflow to specific commit SHAs with version comments. - Pin
actions/checkoutandactions/upload-artifactin the action test workflow to specific commit SHAs with version comments. - Remove
.github/release.yml(GitHub’s auto-generated release notes configuration). - Update
.github/dependabot.ymlto use adailyschedule and add acooldownblock withdefault-days: 7for thegithub-actionsecosystem.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/Linter.yml |
Pins checkout and super-linter actions to specific commit SHAs to improve reproducibility and align with Dependabot-managed actions. |
.github/workflows/Auto-Release.yml |
Pins checkout and Auto-Release actions to specific commit SHAs for more controlled updates. |
.github/workflows/Action-Test.yml |
Pins checkout and upload-artifact actions to specific commit SHAs, including a major-version bump for upload-artifact. |
.github/release.yml |
Removes the configuration for GitHub’s automatically generated release notes, reverting behavior to GitHub defaults. |
.github/dependabot.yml |
Switches Dependabot GitHub Actions updates to a daily interval and adds a 7‑day cooldown configuration. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+14
to
+16
| interval: daily | ||
| cooldown: | ||
| default-days: 7 |
There was a problem hiding this comment.
The PR description focuses on updating the Dependabot schedule and adding a cooldown, but this branch also pins multiple GitHub Actions to specific commit SHAs in several workflows and removes .github/release.yml. Please confirm whether those additional changes are intentional for this PR or should be split/updated in the description so reviewers understand the full scope.
MariusStorhaug
changed the title
MariusStorhaug
changed the title
MariusStorhaug
changed the title
MariusStorhaug
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Improves dependency management by configuring Dependabot to check daily while preventing excessive update noise through a 7-day cooldown period. This ensures timely security updates while reducing PR churn.
Dependabot configuration
Changed the update schedule from weekly to daily with a 7-day cooldown period. This provides faster detection of security vulnerabilities while avoiding duplicate PRs for the same dependency within a week.
Release configuration cleanup
Removed the deprecated
.github/release.ymlfile as release notes are now managed through the Auto-Release action's automated process.Action pinning
Pinned all GitHub Actions to specific commit SHAs for improved security and reproducibility:
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd(v6.0.2)actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f(v6.0.0)super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99(v8.3.2)PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356(v1.9.5)PSModule/GitHub-Script@2010983167dc7a41bcd84cb88e698ec18eccb7ca(v1.7.8)