From f1514564f713858179a9aa7f04a897518db0a09a Mon Sep 17 00:00:00 2001 From: Kevin Cui Date: Mon, 29 Jun 2026 05:18:17 -0400 Subject: [PATCH] ci(dependabot): drop the broken swift ecosystem The `swift` package-ecosystem failed on every daily run since it was added (#32) and never opened a single PR. Dependabot's Swift updater only reads SPM manifests committed to the git tree (`Package.swift` plus the `Package.resolved` lockfile), but this repo has none: `*.xcodeproj` and `Package.resolved` are both gitignored, and the SPM dependencies are declared only in xcodegen's `project.yml`, which Dependabot cannot parse. So the scan finds nothing and aborts with `dependency_file_not_found: "No files found in /"`. Nothing is lost by removing it: the build commits no lockfile and resolves each package to the latest version within its major on every CI run, so the Swift updater had no pins to bump even in principle. The github-actions ecosystem is unaffected and keeps working. Signed-off-by: Kevin Cui --- .github/dependabot.yml | 29 +++-------------------------- 1 file changed, 3 insertions(+), 26 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 466fdce..6cc6815 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,6 @@ -# Dependabot keeps two dependency surfaces current. Commit prefixes and the -# `(deps)` scope follow the repo's Conventional Commits convention so the -# squash titles read like every other PR (`ci(deps): ...`, `build(deps): ...`). +# Dependabot keeps GitHub Actions current. Commit prefixes and the `(deps)` +# scope follow the repo's Conventional Commits convention so the squash +# titles read like every other PR (`ci(deps): ...`). # # cooldown: let a freshly released version soak for N days before its PR is # opened — supply-chain safety, so a malicious or broken release has time to @@ -26,26 +26,3 @@ updates: commit-message: prefix: "ci" include: "scope" - - # Swift Package Manager deps (Sparkle, KeyboardShortcuts, PermissionFlow). - # This project has no top-level Package.swift — xcodegen declares the - # packages in project.yml and the pins live in the Xcode project bundle - # (LockIME.xcodeproj/.../swiftpm/Package.resolved). Dependabot's Swift - # updater discovers that nested Package.resolved and reads the version - # rules from project.pbxproj (xcodegen's `from:` → "up to next major"), - # so it stays within each package's major and never proposes a major bump. - - package-ecosystem: "swift" - directory: "/" - schedule: - interval: "daily" - # swift also supports semver-major/minor/patch-days if you ever want - # majors to soak longer than patches; default-days: 3 keeps it uniform. - cooldown: - default-days: 3 - groups: - swift: - patterns: - - "*" - commit-message: - prefix: "build" - include: "scope"