From ec59ea51aca6bb2c32100b15778ae62a5b6884bb Mon Sep 17 00:00:00 2001
From: Philipp Wellmer <philipp@ouun.io>
Date: Tue, 9 Jun 2026 14:33:54 +0200
Subject: [PATCH] ci(dependabot): target the next branch instead of main
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

MilliCache develops on `next` and releases to `main` via release-please,
but Dependabot defaulted to the default branch (main). That meant version
bumps landed on `main` ahead of the dev branch, and bumps relied on main's
workflow — which lagged `next` (e.g. the create-github-app-token client-id
migration sat on `next` for weeks while Dependabot PRs against main kept
failing the Build Assets check).

Point all three ecosystems (composer, npm, github-actions) at `next` so
bumps flow through the normal dev branch and run the current workflow.

(cherry picked from commit 41b6033ce4dcce644d808513c5dd73fc3d8c4af0)
---
 .github/dependabot.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 472d00d49..e725da667 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,6 +2,8 @@ version: 2
 updates:
   - package-ecosystem: "composer"
     directory: "/"
+    # Open PRs against the active dev branch, not the default branch (main)
+    target-branch: "next"
     schedule:
       interval: "weekly"
     groups:
@@ -24,6 +26,7 @@ updates:
 
   - package-ecosystem: "npm"
     directory: "/"
+    target-branch: "next"
     schedule:
       interval: "monthly"
     groups:
@@ -33,5 +36,6 @@ updates:
 
   - package-ecosystem: "github-actions"
     directory: "/"
+    target-branch: "next"
     schedule:
       interval: "weekly"