Skip to content

Onboard repository to Dependabot for automated testing and AI dependency updates #800

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Onboard repository to Dependabot for automated testing and AI dependency updates #800

wants to merge 11 commits into from
+80 −0

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Sep 19, 2025
edited
Loading

  • Explore repository structure and understand package management setup
  • Confirm no existing Dependabot configuration exists
  • Identify that the project uses Central Package Management with Directory.Packages.props
  • Create .github/dependabot.yml configuration file
  • Configure Dependabot to monitor NuGet packages
  • Configure Dependabot to monitor GitHub Actions
  • Set appropriate update intervals and grouping strategies
  • Validate configuration syntax and structure
  • Refactor to only update testing dependencies per maintainer feedback
  • Remove documentation file per maintainer request
  • Simplify configuration by removing redundant allow list
  • Use wildcard patterns in ignore list for cleaner maintenance
  • Add Microsoft.Extensions.AI group for lockstep updates
  • Move AI group to top for prioritization

Summary

Successfully onboarded the repository to Dependabot for automated dependency updates, refined based on maintainer feedback to target testing dependencies plus critical Microsoft.Extensions.AI packages with optimal organization.

Latest Changes:

  • Moved microsoft-extensions-ai group to top per @eiriktsarpalis feedback for prioritization
  • Maintained proper pattern Microsoft.Extensions.AI.* for comprehensive AI package coverage
  • Organized groups by priority - AI packages first, then testing frameworks

Final Configuration:

  • NuGet Package Management: Monitors testing dependencies + Microsoft.Extensions.AI packages
  • GitHub Actions Updates: Keeps workflow actions current and secure
  • Smart Grouping: 6 focused groups prioritized by importance:
    1. microsoft-extensions-ai: All Microsoft.Extensions.AI.* packages for lockstep updates (TOP PRIORITY)
    2. testing-frameworks: xunit, Microsoft.NET.Test.Sdk, coverlet, Moq, etc.
    3. microsoft-extensions-testing: Microsoft.Extensions packages used in testing
    4. opentelemetry-testing: OpenTelemetry packages for testing/samples
    5. serilog-testing: Serilog packages for testing/samples
    6. other-testing: Individual testing packages
  • Pattern-Based Filtering: Uses wildcards for clean ignores of other product dependencies
  • Controlled Updates: Limited to 5 concurrent PRs
  • Appropriate Labeling: PRs tagged with dependencies and testing

The configuration prioritizes Microsoft.Extensions.AI packages for immediate attention while maintaining comprehensive testing dependency management.

Fixes #799.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@Copilot Copilot AI changed the title [WIP] Onboard repo to dependabot Onboard repository to Dependabot for automated dependency updates Sep 19, 2025
@Copilot Copilot AI requested a review from eiriktsarpalis September 19, 2025 13:00
Copilot finished work on behalf of eiriktsarpalis September 19, 2025 13:00
eiriktsarpalis
eiriktsarpalis reviewed Sep 19, 2025
View reviewed changes
@Copilot Copilot AI changed the title Onboard repository to Dependabot for automated dependency updates Onboard repository to Dependabot for automated testing dependency updates Sep 19, 2025
@Copilot Copilot AI requested a review from eiriktsarpalis September 19, 2025 13:09
Copilot finished work on behalf of eiriktsarpalis September 19, 2025 13:09
eiriktsarpalis
eiriktsarpalis reviewed Sep 19, 2025
View reviewed changes
@Copilot Copilot AI requested a review from eiriktsarpalis September 19, 2025 13:36
Copilot finished work on behalf of eiriktsarpalis September 19, 2025 13:36
eiriktsarpalis
eiriktsarpalis reviewed Sep 19, 2025
View reviewed changes
Copilot finished work on behalf of eiriktsarpalis September 19, 2025 13:42
@Copilot Copilot AI requested a review from eiriktsarpalis September 19, 2025 13:42
eiriktsarpalis
eiriktsarpalis reviewed Sep 19, 2025
View reviewed changes
@Copilot Copilot AI changed the title Onboard repository to Dependabot for automated testing dependency updates Onboard repository to Dependabot for automated testing and AI dependency updates Sep 19, 2025
Copilot finished work on behalf of eiriktsarpalis September 19, 2025 13:56
@Copilot Copilot AI requested a review from eiriktsarpalis September 19, 2025 13:56
eiriktsarpalis
eiriktsarpalis reviewed Sep 19, 2025
View reviewed changes
eiriktsarpalis
eiriktsarpalis reviewed Sep 19, 2025
View reviewed changes
eiriktsarpalis
eiriktsarpalis reviewed Sep 19, 2025
View reviewed changes
@Copilot Copilot AI requested a review from eiriktsarpalis September 19, 2025 14:01
Copilot finished work on behalf of eiriktsarpalis September 19, 2025 14:01
eiriktsarpalis
eiriktsarpalis reviewed Sep 19, 2025
View reviewed changes
@eiriktsarpalis eiriktsarpalis marked this pull request as ready for review September 19, 2025 15:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eiriktsarpalis eiriktsarpalis eiriktsarpalis left review comments

@stephentoub stephentoub Awaiting requested review from stephentoub

At least 1 approving review is required to merge this pull request.

Assignees

@eiriktsarpalis eiriktsarpalis

Copilot code review Copilot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Onboard repo to dependabot
2 participants
@Copilot @eiriktsarpalis