Skip to content

Add a dependabot configuration for the src/ sub-directory#292

Open
mcdonnnj wants to merge 2 commits into
developfrom
improvement/add_dependabot_configuration
Open

Add a dependabot configuration for the src/ sub-directory#292
mcdonnnj wants to merge 2 commits into
developfrom
improvement/add_dependabot_configuration

Conversation

@mcdonnnj

@mcdonnnj mcdonnnj commented Apr 18, 2026

Copy link
Copy Markdown
Member

🗣 Description

This pull request adds a configuration for the src/ sub-directory to the dependabot configuration file.

💭 Motivation and context

It doesn't not appear that the pipenv lockfile (Pipfile.lock) is currently being processed by dependabot. This configuration will hopefully ensure these dependencies receive automatic updates.

🧪 Testing

Automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@mcdonnnj
Add a dependabot configuration for the src/ sub-directory
1315b51 
This will ensure the pipenv configuration receives automatic updates.
This is necessary because the pipenv configuration files (Pipfile,
Pipfile.lock) are not tracked by the existing dependabot configuration
for the pip in the root directory.
@mcdonnnj mcdonnnj requested a review from Copilot April 18, 2026 16:08
@mcdonnnj mcdonnnj self-assigned this Apr 18, 2026
@mcdonnnj mcdonnnj added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label Apr 18, 2026
@mcdonnnj mcdonnnj requested review from dav3r, felddy and jsf9k as code owners April 18, 2026 16:08
Copilot AI reviewed Apr 18, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Dependabot update entry targeting the /src subdirectory so Python dependencies managed via src/Pipfile / src/Pipfile.lock can receive automated update PRs, aligning Dependabot coverage with the repository’s existing Python dependency management layout.

Changes:

  • Add a new Dependabot pip ecosystem configuration for the /src directory.
  • Schedule weekly update checks for /src Python dependencies (Pipenv lockfile).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-project-automation github-project-automation Bot moved this from In progress to Reviewer approved in Skeleton Maintenance Apr 20, 2026
@mcdonnnj
Adjust dependabot configuration for pip in /
b39cce9 
Update the entry for `/` to ignore the `src/` sub-directory. This will
allow the entry for `/src` to handle any `pip`-related dependencies for
that sub-directory.
@mcdonnnj mcdonnnj requested review from Copilot, dav3r and jsf9k May 30, 2026 08:05
Copilot AI reviewed May 30, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jsf9k jsf9k jsf9k approved these changes

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@mcdonnnj mcdonnnj

Labels

improvement This issue or pull request will add or improve functionality, maintainability, or ease of use

Projects

Next Kraken
Status: No status
Skeleton Maintenance
Status: Reviewer approved

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mcdonnnj @jsf9k @dav3r