From 273c1ae7db3f22ce08d5d5fa9b2ec2a4dafb8213 Mon Sep 17 00:00:00 2001
From: Pieter Noordhuis <pieter.noordhuis@databricks.com>
Date: Mon, 23 Mar 2026 16:26:06 +0100
Subject: [PATCH] Update Dependabot configuration

Ignore the Databricks Go SDK because its upgrade requires code
generation and cannot be handled by Dependabot alone.

Update the github-actions package ecosystem configuration. Use a monthly
update interval to keep churn low while ensuring deprecation notices and
security fixes flow in through PRs. The 7-day cooldown avoids bumping
actions that were just released, letting them bake first.

Exclude tagging.yml because it is generated and maintained externally.

Co-authored-by: Isaac
---
 .github/dependabot.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 378d63e75a..6931952a84 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,6 +4,9 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    ignore:
+      # Ignore Databricks Go SDK because its upgrade requires code generation
+      - dependency-name: github.com/databricks/databricks-sdk-go
   - package-ecosystem: "gomod"
     directory: "/tools"
     schedule:
@@ -15,7 +18,9 @@ updates:
       - "/.github/actions/setup-build-environment"
     schedule:
       interval: "monthly"
+    cooldown:
+      default-days: 7
     # tagging.yml is generated and maintained externally. Ignore
     # actions/create-github-app-token since it is only used in tagging.yml.
-    ignore:
-      - dependency-name: "actions/create-github-app-token"
+    exclude-paths:
+      - .github/workflows/tagging.yml