@ryoppippi ryoppippi commented Dec 23, 2025

Summary

  • Add dependabot.yaml for automated dependency updates
    • Python dependencies (pip) with weekly schedule on Mondays
    • GitHub Actions with weekly schedule
    • Groups dev dependencies and AI framework dependencies
  • Add nix-flake-update.yaml workflow (aligned with stackone-ai-node)
    • Scheduled weekly Nix flake input updates
    • Auto-creates PR with merge enabled

Test plan

  • Dependabot creates PRs for outdated dependencies
  • Nix flake update workflow runs successfully on schedule or manual trigger

Summary by cubic

Add Dependabot and a scheduled Nix flake update workflow to automate dependency updates for Python, GitHub Actions, and Nix. This keeps dependencies current with weekly PRs and auto-merge when safe.

  • New Features
    • Dependabot for pip and GitHub Actions, weekly Mondays at 09:00 Europe/London; groups dev and AI framework updates (minor/patch) with labels and PR limits.
    • Scheduled Nix flake update (cron + manual) that updates flake.lock, opens a labeled PR via peter-evans, and enables auto-merge.

Written for commit e97c290. Summary will update automatically on new commits.

Copilot AI review requested due to automatic review settings December 23, 2025 10:26
@ryoppippi ryoppippi force-pushed the chore/add-dependabot-and-nix-flake-update branch from dc9ad7a to cff8891 December 23, 2025 10:27
@ryoppippi ryoppippi changed the title from "chore(ci): add dependabot and nix flake update workflows" to "chore(ci): add dependabot and nix flake update workflows [ENG-11704]" Dec 23, 2025
@ryoppippi ryoppippi changed the title from "chore(ci): add dependabot and nix flake update workflows [ENG-11704]" to "ci: add dependabot and nix flake update workflows [ENG-11704]" Dec 23, 2025

Copilot AI left a comment

Pull request overview

This PR adds automated dependency management tooling for the repository by introducing Dependabot configuration for Python and GitHub Actions dependencies, and a scheduled Nix flake update workflow. These additions align with the goal of keeping dependencies current with minimal manual intervention.

Key Changes:

  • Dependabot configuration with weekly schedules for Python (pip) and GitHub Actions dependencies, grouping dev and AI framework updates
  • Automated Nix flake update workflow that runs weekly, creating PRs with auto-merge enabled
  • Both automation workflows scheduled for Mondays at 09:00 to coordinate dependency updates

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| .github/dependabot.yaml | Configures Dependabot for weekly Python and GitHub Actions dependency updates with grouped minor/patch updates for dev dependencies and AI frameworks |
| .github/workflows/nix-flake-update.yaml | Implements scheduled workflow to automatically update Nix flake inputs weekly and create PRs with auto-merge enabled |

runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
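
Review bot: `runs-on: ubuntu-latest` on the first line of this hunk is a moving label, while the checkout step on the last line is pinned to a full commit SHA. Consider naming a specific runner image (for example `ubuntu-24.04`) so the job's environment changes only when someone edits the workflow.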

Copilot AI Dec 23, 2025

Inconsistent version pinning for actions/checkout. This workflow uses v4.3.1, but all other workflows in the repository use v6.0.1 (commit hash 8e8c483db84b4bee98b60c0593521ed34d9990e8). For consistency and to use the same version as the rest of the codebase, this should be updated to match the version used in ci.yaml, release.yaml, and nix-flake.yaml.

Suggested change
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

Copilot uses AI. Check for mistakes.
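
Added example (not part of this pull request or the project's code): a Python check for the inconsistency raised in the comment above, flagging `uses:` references that are not pinned to a full commit SHA and actions pinned to different refs across workflow files. The function name `audit_action_pins`, the `SAMPLE` workflow snippets and `example-org/example-action` are constructed for illustration; the two checkout SHAs are the ones quoted on this page.

```python
import re
from collections import defaultdict

# A step's action reference: owner/repo[/path]@ref. Local actions (./path)
# and docker:// references carry no "@ref" in this form and are skipped.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([\w.\-/]+)@(\S+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_action_pins(workflows):
    """workflows maps file name -> workflow text. Returns sorted findings."""
    refs_by_action = defaultdict(lambda: defaultdict(set))
    findings = []
    for name, text in workflows.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            match = USES_RE.match(line)
            if not match:
                continue
            action, ref = match.groups()
            # A tag or branch can be moved upstream; a full SHA cannot.
            if not FULL_SHA_RE.match(ref):
                findings.append(
                    f"{name}:{lineno}: {action}@{ref} is not pinned to a full commit SHA")
            refs_by_action[action][ref].add(name)
    # The same action pinned to different refs in different workflows.
    for action, refs in refs_by_action.items():
        if len(refs) > 1:
            detail = "; ".join(
                f"{ref[:12]} in {', '.join(sorted(files))}"
                for ref, files in sorted(refs.items()))
            findings.append(f"{action}: pinned to {len(refs)} different refs ({detail})")
    return sorted(findings)


# Constructed sample input, not the repository's actual workflow files.
SAMPLE = {
    "ci.yaml": (
        "steps:\n"
        "  - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1\n"
        "  - uses: example-org/example-action@v1\n"  # hypothetical action
    ),
    "nix-flake-update.yaml": (
        "steps:\n"
        "  - name: Checkout repository\n"
        "    uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1\n"
    ),
}

if __name__ == "__main__":
    print("\n".join(audit_action_pins(SAMPLE)))
```
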
- "ruff"
- "ty"
- "pre-commit"
- "gitleaks"

Copilot AI Dec 23, 2025

The pattern "gitleaks" is included in the dev-dependencies group, but gitleaks is not a Python package managed by pip. It's a standalone tool installed via Nix (as seen in the justfile and CI workflows). This pattern will not match any Python dependencies and should be removed from the dev-dependencies group.

Suggested change
- "gitleaks"

- "pytest*"
- "ruff"
- "ty"
- "pre-commit"

Copilot AI Dec 23, 2025

The pattern "pre-commit" is included in the dev-dependencies group, but pre-commit is not a Python package managed by pip in this project. It's managed via the git-hooks.nix flake module (see flake.nix). This pattern will not match any Python dependencies and should be removed from the dev-dependencies group.

Suggested change
- "pre-commit"

- Add dependabot.yaml for automated dependency updates
  - Python dependencies (pip) with weekly schedule
  - GitHub Actions with weekly schedule
  - Group dev dependencies and AI framework dependencies
- Add nix-flake-update.yaml workflow
  - Scheduled weekly Nix flake input updates
  - Auto-creates PR with merge enabled
@ryoppippi ryoppippi force-pushed the chore/add-dependabot-and-nix-flake-update branch from cff8891 to b53c0a5 December 23, 2025 10:32

@cubic-dev-ai cubic-dev-ai bot left a comment

No issues found across 2 files

@glebedel glebedel left a comment

LGTM

@ryoppippi ryoppippi merged commit f9c76c4 into main Dec 23, 2025
15 checks passed
@ryoppippi ryoppippi deleted the chore/add-dependabot-and-nix-flake-update branch December 23, 2025 12:56