This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new 570cf05 chore(dependabot): collapse 9 uv entries into 1 group (#400)
570cf05 is described below
commit 570cf054fd62a219369adcdfd575e0a81e124cf1
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sat May 30 21:43:01 2026 +0200
chore(dependabot): collapse 9 uv entries into 1 group (#400)
Consolidate the nine separate `uv` `package-ecosystem` entries in
.github/dependabot.yml into a single entry using `directories:`
(plural) + one `python-deps` group. Dependabot writes per-directory
lockfile updates inside a single weekly PR for the whole group, so
the framework's weekly Dependabot output collapses from up to 11
PRs (1 github-actions + 1 pre-commit + 9 uv) down to up to 3.
Each tool's lockfile still resolves independently — the dependency
resolver runs per-directory inside the consolidated update job;
only the PR boundary is unified.
Why: reduces review-queue noise. The trade-off is that a single
weekly Dependabot PR now touches multiple lockfiles, but every
project's CI block (ruff/mypy/pytest under `tools/<name>/`) still
fires on its own directory's changes so per-tool regressions still
surface independently.
No changes to:
- github-actions ecosystem (unchanged — already a single entry)
- pre-commit ecosystem (unchanged — already a single entry)
- 7-day cooldown windows for any ecosystem
- `[tool.uv] exclude-newer = "7 days"` in root pyproject.toml or
the per-lockfile `exclude-newer-span = "P7D"` baked into every
uv.lock.
Generated-by: Claude Code (Opus 4.7)
---
.github/dependabot.yml | 134 +++++++------------------------------------------
1 file changed, 17 insertions(+), 117 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c102462..ceab9f4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -58,123 +58,23 @@ updates:
patterns:
- "*"
- # Root framework project — currently just `prek` as a dev dep,
- # tracked here so the version bound in pyproject.toml stays in
- # step with upstream releases.
+ # All Python projects in this repo, consolidated into one update
+ # entry with `directories:` (plural). Dependabot writes per-directory
+ # inside a SINGLE weekly PR per group, so this collapses what was
+ # previously nine independent uv PRs into one. Each tool's lockfile
+ # still updates correctly — the resolver runs per-directory; only the
+ # PR boundary is unified.
- package-ecosystem: "uv"
- directory: "/"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- semver-major-days: 7
- semver-minor-days: 7
- semver-patch-days: 7
- groups:
- framework-deps:
- patterns:
- - "*"
-
- - package-ecosystem: "uv"
- directory: "/tools/privacy-llm/checker"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- semver-major-days: 7
- semver-minor-days: 7
- semver-patch-days: 7
- groups:
- privacy-llm-checker-deps:
- patterns:
- - "*"
-
- - package-ecosystem: "uv"
- directory: "/tools/privacy-llm/redactor"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- semver-major-days: 7
- semver-minor-days: 7
- semver-patch-days: 7
- groups:
- privacy-llm-redactor-deps:
- patterns:
- - "*"
-
- - package-ecosystem: "uv"
- directory: "/tools/sandbox-lint"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- semver-major-days: 7
- semver-minor-days: 7
- semver-patch-days: 7
- groups:
- sandbox-lint-deps:
- patterns:
- - "*"
-
- - package-ecosystem: "uv"
- directory: "/tools/skill-evals"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- semver-major-days: 7
- semver-minor-days: 7
- semver-patch-days: 7
- groups:
- skill-evals-deps:
- patterns:
- - "*"
-
- - package-ecosystem: "uv"
- directory: "/tools/skill-and-tool-validator"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- semver-major-days: 7
- semver-minor-days: 7
- semver-patch-days: 7
- groups:
- skill-and-tool-validator-deps:
- patterns:
- - "*"
-
- - package-ecosystem: "uv"
- directory: "/tools/gmail/oauth-draft"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- semver-major-days: 7
- semver-minor-days: 7
- semver-patch-days: 7
- groups:
- oauth-draft-deps:
- patterns:
- - "*"
-
- - package-ecosystem: "uv"
- directory: "/tools/cve-tool-vulnogram/generate-cve-json"
- schedule:
- interval: "weekly"
- cooldown:
- default-days: 7
- semver-major-days: 7
- semver-minor-days: 7
- semver-patch-days: 7
- groups:
- generate-cve-json-deps:
- patterns:
- - "*"
-
- - package-ecosystem: "uv"
- directory: "/tools/cve-tool-vulnogram/oauth-api"
+ directories:
+ - "/"
+ - "/tools/privacy-llm/checker"
+ - "/tools/privacy-llm/redactor"
+ - "/tools/sandbox-lint"
+ - "/tools/skill-evals"
+ - "/tools/skill-and-tool-validator"
+ - "/tools/gmail/oauth-draft"
+ - "/tools/cve-tool-vulnogram/generate-cve-json"
+ - "/tools/cve-tool-vulnogram/oauth-api"
schedule:
interval: "weekly"
cooldown:
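Review bot: The comment on the new entry says "All Python projects in this repo", but `directories:` is a fixed list of nine paths, so a uv project added later under `tools/` gets no version updates until someone appends it, and nothing flags the gap. I would state that in the comment, for example `# Keep in sync: every directory that holds a uv.lock must be listed below.`, or back it with a CI check that compares this list against the uv.lock files in the tree. The same comment reads "Dependabot writes per-directory inside a SINGLE weekly PR"; the commit message has "per-directory lockfile updates", so the noun seems to have been dropped. The entry continues past the end of this hunk.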
@@ -183,6 +83,6 @@ updates:
semver-minor-days: 7
semver-patch-days: 7
groups:
- vulnogram-oauth-api-deps:
+ python-deps:
patterns:
- "*"
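Review bot: The `python-deps` group has no `applies-to` key, so Dependabot treats it as a version-updates group and security updates for the nine directories are not folded into the weekly PR. As far as I know the `cooldown` block above is likewise limited to version updates. That is probably the desired behaviour, since a security fix should not wait for the weekly batch or the 7-day window, but the entry's header comment reads as if every uv PR collapses into one. A line next to `groups:` such as `# version updates only; security updates are not grouped or delayed by cooldown` would record the intent for whoever triages these PRs. The entry starts outside this hunk.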