From d99af5188da08ba800f902b609a3607da07be535 Mon Sep 17 00:00:00 2001 From: cpovirk Date: Fri, 21 Mar 2025 14:12:01 -0700 Subject: [PATCH] Standardize Dependabot configs on "Maven weekly, GitHub Actions monthly." This includes: - setting up Dependabot _at all_ for a few projects - dropping GitHub Actions from weekly to monthly for the rest My feeling on the latter is that GitHub Actions upgrades never feel urgent: Even when GitHub stopped supporting old versions of `actions/cache`, they gave plenty of warning. I'd also note that I don't think we've had trouble much (if ever?) with upgrades to GitHub Actions, so there's even less reason to fear batching of updates than usual. Given that, we might as well try to batch together as many updates as we can so as to marginally reduce toil. (And if an upgrade it ever truly urgent for security reasons, I expect that Dependabot would push us to it promptly, anyway, perhaps even for projects without a Dependabot config at all.) RELNOTES=n/a PiperOrigin-RevId: 739294702 --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8519eb9a..1a6f7b71 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,7 +12,7 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "monthly" groups: github-actions: applies-to: version-updates