Skip to content

Add pip ecosystem to dependabot#34

Merged
jbampton merged 2 commits intometropolis-retro:mainfrom
jbampton:add-pip-dependabot
Apr 10, 2026
Merged

Add pip ecosystem to dependabot#34
jbampton merged 2 commits intometropolis-retro:mainfrom
jbampton:add-pip-dependabot

Conversation

@jbampton
Copy link
Copy Markdown
Member

@jbampton jbampton commented Apr 10, 2026

No description provided.

@jbampton jbampton self-assigned this Apr 10, 2026
@jbampton jbampton added the good first issue Good for newcomers label Apr 10, 2026
@github-project-automation github-project-automation bot moved this to Backlog in METROPOLIS Apr 10, 2026
@jbampton jbampton moved this from Backlog to In progress in METROPOLIS Apr 10, 2026
@jbampton jbampton requested a review from Copilot April 10, 2026 07:01
@jbampton jbampton moved this from In progress to In review in METROPOLIS Apr 10, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds a pip package ecosystem to the Dependabot configuration and reduces the dependabot-cooldown period in the zizmor linter settings. A review comment correctly points out that Dependabot's pip ecosystem does not support extracting dependencies from GitHub Actions workflow files, suggesting a change to the root directory for proper dependency tracking.

Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds Dependabot support for Python (pip) dependencies used by GitHub workflow automation, and aligns the zizmor dependabot cooldown rule with the configured cooldown.

Changes:

  • Add a pip ecosystem entry to Dependabot targeting .github/workflows.
  • Reduce the zizmor dependabot-cooldown rule from 14 to 7 days.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
.github/linters/zizmor.yml Adjusts the configured minimum cooldown window for Dependabot-related checks.
.github/dependabot.yml Adds a new Dependabot update configuration for pip dependencies in workflow automation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jbampton
Update .github/dependabot.yml
a1b7483 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@jbampton jbampton merged commit 11d1399 into metropolis-retro:main Apr 10, 2026
2 of 3 checks passed
@github-project-automation github-project-automation bot moved this from In review to Done in METROPOLIS Apr 10, 2026
@jbampton jbampton deleted the add-pip-dependabot branch April 10, 2026 07:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@jbampton jbampton

Labels

good first issue Good for newcomers

Projects

METROPOLIS
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jbampton