From 360a988a1a91e349360a96399bf5fcac49ad52e5 Mon Sep 17 00:00:00 2001
From: Davide D'Alto <davide@hibernate.org>
Date: Mon, 1 Sep 2025 15:12:31 +0200
Subject: [PATCH 1/2] Enable dependabot for 4.1 branch

---
 .github/dependabot.yml | 51 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2bd93c7b7..00c13f466 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -118,6 +118,57 @@ updates:
     allow:
       - dependency-type: "all"
 
+  #################################################################################
+  # Duplicate the package-ecosystems for main because we want to target branch 4.1
+  # and dependabot doesn't support YAML aliases and anchors at the moment
+  #################################################################################
+  - package-ecosystem: "gradle"
+    directory: "/"
+    target-branch: "4.1"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+    open-pull-requests-limit: 20
+    groups:
+      hibernate-validator:
+        patterns:
+          - "org.hibernate.validator*"
+          - "org.glassfish.expressly*"
+      hibernate:
+        patterns:
+          - "org.hibernate*"
+      vertx:
+        patterns:
+          - "io.vertx*"
+      mutiny:
+        patterns:
+          - "io.smallrye.reactive*"
+      testcontainers:
+        patterns:
+          - "org.testcontainers*"
+          - "com.ibm.db2*"
+          - "com.microsoft.sqlserver*"
+          - "org.postgresql*"
+          - "con.ongres.scram*"
+          - "com.fasterxml.jackson.core*"
+          - "com.mysql*"
+          - "org.mariadb.jdbc*"
+    ignore:
+      - dependency-name: "org.glassfish.expressly*"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "org.hibernate*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "io.vertx*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+
+  - package-ecosystem: "docker"
+    directory: "/tooling/docker"
+    target-branch: "3.1"
+    schedule:
+      interval: "weekly"
+    allow:
+      - dependency-type: "all"
+
 #################################################################################
 # Duplicate the package-ecosystems for main because we want to target branch 3.1
 # and dependabot doesn't support YAML aliases and anchors at the moment

From 9ee9a06976954edea2a1ab9e865c7a76f556c6c2 Mon Sep 17 00:00:00 2001
From: Davide D'Alto <davide@hibernate.org>
Date: Mon, 1 Sep 2025 15:15:58 +0200
Subject: [PATCH 2/2] CodeQL should run anytime we update a 4.* or 3.* branch

---
 .github/workflows/codeql.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7ff8f2b1a..0e385da45 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,9 +2,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "main", "4.0", "3.1", "3.0", "2.4" ]
+    branches: [ "main", "4.*", "3.*", "2.4" ]
   pull_request:
-    branches: [ "main", "4.0", "3.1", "3.0", "2.4" ]
+    branches: [ "main", "4.*", "3.*", "2.4" ]
   schedule:
     - cron: "59 17 * * 2"