From cfd309cfa6c17b5a7670b24c0d56c7b70a7923af Mon Sep 17 00:00:00 2001
From: jmeridth
Date: Wed, 17 Jun 2026 22:58:53 -0500
Subject: [PATCH 1/2] chore(ci): add dependabot config for automated dependency updates
What/Why Enable Dependabot to automatically open PRs for outdated dependencies across all ecosystems in the repo: cargo, uv, github-actions, and docker (lore-server, lore-revision). Proof it works YAML validates cleanly. Dependabot will pick up the config on merge and begin scanning on its weekly schedule. Risk + AI role Low -- config-only addition, no code changes. AI-generated (Claude Opus 4.6, claude-opus-4-6), human-reviewed. Review focus Confirm the grouped minor+patch strategy is appropriate and that no ecosystems were missed. The labels (rust, python, github_actions, docker, dependencies) must exist in the repo or be created before merge, otherwise Dependabot PRs will fail to apply them.
Signed-off-by: jmeridth
---
 .github/dependabot.yaml | 78 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 .github/dependabot.yaml
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..f0bbae9
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,78 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "cargo"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ cooldown:
+ default-days: 7
+ commit-message:
+ prefix: "chore(deps)"
+ labels: ["rust", "dependencies"]
+ groups:
+ dependencies:
+ applies-to: version-updates
+ update-types:
+ - "minor"
+ - "patch"
+ - package-ecosystem: "uv"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ cooldown:
+ default-days: 7
+ commit-message:
+ prefix: "chore(deps)"
+ labels: ["python", "dependencies"]
+ groups:
+ dependencies:
+ applies-to: version-updates
+ update-types:
+ - "minor"
+ - "patch"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ cooldown:
+ default-days: 7
+ commit-message:
+ prefix: "chore(deps)"
+ labels: ["github_actions", "dependencies"]
+ groups:
+ dependencies:
+ applies-to: version-updates
+ update-types:
+ - "minor"
+ - "patch"
+ - package-ecosystem: "docker"
+ directory: "/lore-server"
+ schedule:
+ interval: "weekly"
+ cooldown:
+ default-days: 7
+ commit-message:
+ prefix: "chore(deps)"
+ labels: ["docker", "dependencies"]
+ groups:
+ dependencies:
+ applies-to: version-updates
+ update-types:
+ - "minor"
+ - "patch"
+ - package-ecosystem: "docker"
+ directory: "/lore-revision"
+ schedule:
+ interval: "weekly"
+ cooldown:
+ default-days: 7
+ commit-message:
+ prefix: "chore(deps)"
+ labels: ["docker", "dependencies"]
+ groups:
+ dependencies:
+ applies-to: version-updates
+ update-types:
+ - "minor"
+ - "patch"
From 6b975e923a46ca8243be480cc4b1dbb2fc1edc53 Mon Sep 17 00:00:00 2001
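Review bot: The `cooldown` block repeated in all five `updates` entries has no comment, although it is the one setting in this file with a supply-chain purpose: `default-days: 7` keeps Dependabot from proposing a release until it has been public for a week. Without a comment a reader can take that to mean vulnerability fixes also wait a week, or that this file is what turns security updates on; as far as I know cooldown applies to version updates only, and Dependabot security updates are enabled in the repository settings rather than in `dependabot.yaml`. I would add above the first `cooldown:` a line such as `# Hold version updates until a release is 7 days old; security updates are not delayed.` and confirm that security updates are enabled for the repo before relying on this config. The `groups` blocks are already scoped with `applies-to: version-updates`, so the same comment covers them.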
From: jmeridth
Date: Thu, 18 Jun 2026 08:24:52 -0500
Subject: [PATCH 2/2] chore(ci): remove cargo ecosystem from dependabot config
## What/Why Remove the cargo package ecosystem from the dependabot configuration per PR review feedback (EpicGames/lore#21). ## Proof it works YAML-only change; validated structure manually. Remaining ecosystems (uv, github-actions, docker) are unchanged. ## Risk + AI role Low -- config removal only. AI-assisted (Claude Opus 4.6) for the edit. ## Review focus Confirm cargo removal aligns with upstream maintainer intent.
Signed-off-by: jmeridth
---
 .github/dependabot.yaml | 15 ---------------
 1 file changed, 15 deletions(-)
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index f0bbae9..8a2f5ce 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -1,21 +1,6 @@
 ---
 version: 2
 updates:
- - package-ecosystem: "cargo"
- directory: "/"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- commit-message:
- prefix: "chore(deps)"
- labels: ["rust", "dependencies"]
- groups:
- dependencies:
- applies-to: version-updates
- update-types:
- - "minor"
- - "patch"
 - package-ecosystem: "uv"
 directory: "/"
 schedule: