Skip to content

Add dependabot config to update go and dependencies#23

Merged
silv-io merged 2 commits intomainfrom
add-dependabot-conifg
Feb 13, 2026
Merged

Add dependabot config to update go and dependencies#23
silv-io merged 2 commits intomainfrom
add-dependabot-conifg

Conversation

@silv-io
Copy link
Member

@silv-io silv-io commented Feb 12, 2026
edited
Loading

Go 1.26 is out. Would be nice to have an action just upgrading it for us and also our dependencies via dependabot while we're at it.

@coderabbitai
Copy link

coderabbitai bot commented Feb 12, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Adds Dependabot config and a new GitHub Actions workflow that runs weekly (cron) or manually to upgrade the Go toolchain, run go mod tidy, and open a dependency upgrade pull request.

Changes

Cohort / File(s) Summary
Dependabot configuration
​.github/dependabot.yml		 Adds Dependabot config to run daily updates for gomod and github-actions with an open PR limit of 10 and specified schedules.
Weekly Go upgrade workflow
​.github/workflows/weekly-go-upgrade.yml		 Adds a workflow triggered by cron (Mondays 08:00 UTC) and manual dispatch that checks out the repo, reads Go version from go.mod, installs latest Go via actions/setup-go@v6, runs go mod tidy, and creates a PR chore/weekly-go-upgrade using peter-evans/create-pull-request@v7. Review branch naming, schedule, action versions, and PR labels/body.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Scheduler as GitHub Cron / Manual
participant Runner as Actions Runner
participant Repo as Repository
participant GoSetup as actions/setup-go@v6
participant PRCreate as peter-evans/create-pull-request@v7

Scheduler->>Runner: trigger workflow (cron or manual)
Runner->>Repo: checkout code (actions/checkout@v6)
Runner->>Repo: read go.mod to determine Go version
Runner->>GoSetup: install latest Go toolchain
Runner->>Repo: run go mod tidy
Runner->>PRCreate: create PR branch chore/weekly-go-upgrade and open PR
PRCreate->>Repo: push branch, create PR, apply labels

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely summarizes the main changes: adding dependabot configuration to update Go and dependencies, which matches the changeset contents.
Description check ✅ Passed The description is related to the changeset, mentioning Go 1.26 release and the desire for automated dependency updates via dependabot, which aligns with the files added.
Merge Conflict Detection ✅ Passed ✅ No merge conflicts detected when merging into main

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch add-dependabot-conifg

No actionable comments were generated in the recent review. 🎉

Comment @coderabbitai help to get the list of available commands and usage tips.

@silv-io silv-io marked this pull request as ready for review February 12, 2026 13:38
carole-lavillonniere
carole-lavillonniere reviewed Feb 12, 2026
View reviewed changes
@silv-io silv-io force-pushed the add-dependabot-conifg branch from 636ef53 to 7ec3169 Compare February 13, 2026 17:25
@silv-io silv-io enabled auto-merge (squash) February 13, 2026 17:27
@silv-io silv-io merged commit c7dd264 into main Feb 13, 2026
10 checks passed
@silv-io silv-io deleted the add-dependabot-conifg branch February 13, 2026 18:53
@coderabbitai coderabbitai bot mentioned this pull request Feb 13, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carole-lavillonniere carole-lavillonniere carole-lavillonniere approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@silv-io @carole-lavillonniere