Skip to content

Group all Go dependency updates in Dependabot#63

Merged
kaovilai merged 1 commit into
oadp-devfrom
dependabot-group-go-deps
Jul 16, 2026
Merged

Group all Go dependency updates in Dependabot#63
kaovilai merged 1 commit into
oadp-devfrom
dependabot-group-go-deps

Conversation

@kaovilai

@kaovilai kaovilai commented Jul 16, 2026

Copy link
Copy Markdown
Member

Dependabot was configured (gomod + github-actions, monthly) but had no groups, so Go module bumps arrive as one PR per dependency.

Changes

  • Add a catch-all go-dependencies group (pattern *) to the gomod entry so all Go module updates land in a single PR.
  • github-actions entry and schedule intervals left untouched.

Matches the same grouping added in migtools/filebrowser#28.

Note

Responses generated with Claude

Summary by CodeRabbit

  • Chores
    • Consolidated Go dependency updates into a single automated update group.
    • Existing GitHub Actions update configuration remains unchanged.

Dependabot was configured but had no groups, so Go module bumps
arrive as one PR per dependency. Add a catch-all go-dependencies
group so all Go module updates land in a single PR, matching
migtools/filebrowser#28.

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2972d3d5-36a8-4465-a1d7-fa4763ca3c7c

📥 Commits

Reviewing files that changed from the base of the PR and between 179f18d and e986314.

📒 Files selected for processing (1)
  • .github/dependabot.yml

Walkthrough

Dependabot is configured to group all Go module dependency updates into a go-dependencies group. The existing GitHub Actions update configuration remains unchanged.

Changes

Dependabot update configuration

Layer / File(s) Summary
Group Go module updates
.github/dependabot.yml
Adds a go-dependencies group for the gomod ecosystem using a wildcard package pattern.

Estimated code review effort: 1 (Trivial) | ~2 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: grouping all Go dependency updates in Dependabot.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only changes .github/dependabot.yml; no Ginkgo or other test titles were added or modified.
Test Structure And Quality ✅ Passed PR only changes .github/dependabot.yml; no Ginkgo test code or test structure is involved.
Microshift Test Compatibility ✅ Passed The diff only updates .github/dependabot.yml; no new Ginkgo tests or MicroShift-sensitive APIs were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Only .github/dependabot.yml changed; no Ginkgo/e2e test code was added or modified.
Topology-Aware Scheduling Compatibility ✅ Passed Only .github/dependabot.yml changed; no deployment manifests, controllers, or scheduling constraints were modified.
Ote Binary Stdout Contract ✅ Passed PR only changes .github/dependabot.yml; no process-level code or stdout writes were added, so the OTE stdout contract is unaffected.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only .github/dependabot.yml changed; no Ginkgo e2e tests or network code were added.
No-Weak-Crypto ✅ Passed Only .github/dependabot.yml changed; it adds a Dependabot group and contains no weak-crypto, custom crypto, or secret-comparison code.
Container-Privileges ✅ Passed PR only updates .github/dependabot.yml; no container/K8s manifests or privilege fields are present in the diff or repo scan.
No-Sensitive-Data-In-Logs ✅ Passed Only .github/dependabot.yml changed; it adds a Go dependency group and contains no logs or sensitive data.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot-group-go-deps

Comment @coderabbitai help to get the list of available commands.

@sseago

sseago commented Jul 16, 2026

Copy link
Copy Markdown

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 16, 2026
@openshift-ci

openshift-ci Bot commented Jul 16, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Joeavaikath, kaovilai, sseago

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@openshift-ci

openshift-ci Bot commented Jul 16, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Joeavaikath, kaovilai, sseago

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kaovilai
kaovilai merged commit 21e781d into oadp-dev Jul 16, 2026
3 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants