ci: tame dependabot (monthly+grouped) + run neutrality on every PR#12
Merged
Conversation
Two low-noise fixes after turning the bots on: - dependabot: monthly, grouped into one PR per ecosystem, open-PR-limit 1. Turning it on dumped 6 one-per-dependency PRs at once; this caps it at ~2 grouped PRs/month (one actions, one npm). - neutrality: drop the lib/** path filter so it runs on EVERY PR. It's a required status check now, and a required check that only runs on some PRs strands every other PR (dependabot, docs) in a permanent "expected" state. The script diffs only the data files, so PRs that don't touch them produce an empty diff and pass instantly — safe to always run. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AQLkYA4bk3sjBJD9obu4Cf
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cleanup after turning the bots on.
dependabot — was bare weekly, so enabling it dumped 6 one-per-dependency PRs at once (the burst you saw). Now monthly, grouped into one PR per ecosystem, capped at 1 open PR each → at most ~2 grouped PRs/month.
neutrality — drop the
lib/**path filter so it runs on every PR. It's a required status check now; a required check that only runs on some PRs leaves every other PR (dependabot, docs, workflow) permanently stuck on an "expected" check. The script only diffs the data files, so PRs that don't touch them produce an empty diff and pass instantly — safe to always run, and the gate is now real on 100% of PRs.🤖 Generated with Claude Code