Skip to content

ci: add patterns: ['*'] to dependabot actions-minor-patch group (#406 follow-up)#407

Merged
ctrl-alt-automate merged 1 commit intodevfrom
ci/2026-04-18-dependabot-group-patterns
Apr 18, 2026
Merged

ci: add patterns: ['*'] to dependabot actions-minor-patch group (#406 follow-up)#407
ctrl-alt-automate merged 1 commit intodevfrom
ci/2026-04-18-dependabot-group-patterns

Conversation

@ctrl-alt-automate
Copy link
Copy Markdown
Owner

@ctrl-alt-automate ctrl-alt-automate commented Apr 18, 2026

Summary

Fixup for PR #406. Gemini caught this ~1 min after that PR merged.

Issue

The `actions-minor-patch` group in `.github/dependabot.yml` has no selection criterion (`patterns`, `exclude-patterns`, or `dependency-type`). Per GitHub Dependabot docs, a group without at least one of these silently matches zero dependencies — so the grouping has no effect and every update would still open its own PR.

Fix

Added `patterns: ['*']` to match all GitHub Actions in the group, plus an inline comment explaining why the selector is required (so future contributors don't make the same mistake).

Test plan

  • GitHub Dependabot API validates the config (runs as a status check on the PR)
  • Standard Pester / Gitleaks CI pass (no behavioural changes)
  • First real-world verification: aankomende maandag 06:00 NL-tijd — we should see one grouped PR instead of one-per-action

@ctrl-alt-automate
ci: add patterns: ['*'] to dependabot actions-minor-patch group
c0b4d6e 
Gemini caught this post-merge on PR #406: Dependabot's `groups` block
requires at least one selection criterion (`patterns`, `exclude-patterns`,
or `dependency-type`) for the group to match any dependencies. Without
one, the group silently matches zero dependencies and every update opens
its own PR — defeating the purpose of grouping.

Added `patterns: ['*']` to match all GitHub Actions in the group, plus
an inline comment explaining why the selector is mandatory.
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 18, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the .github/dependabot.yml configuration by adding a wildcard pattern to the actions-minor-patch group. This change ensures that Dependabot correctly identifies and groups minor and patch updates for GitHub Actions, avoiding excessive individual pull requests. I have no feedback to provide.

@ctrl-alt-automate ctrl-alt-automate merged commit 63f3aea into dev Apr 18, 2026
6 checks passed
@ctrl-alt-automate ctrl-alt-automate deleted the ci/2026-04-18-dependabot-group-patterns branch April 18, 2026 15:07
@ctrl-alt-automate ctrl-alt-automate mentioned this pull request Apr 19, 2026
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ctrl-alt-automate