From 9d1f1f5e335bc775d3101ef8962c7b42aa84aa02 Mon Sep 17 00:00:00 2001 From: Devin Foley Date: Thu, 4 Jun 2026 21:54:17 -0700 Subject: [PATCH] revert(ci): remove dependabot dependency grouping (#7560) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies, so its automation and CI surfaces need to stay reliable enough for agent-driven maintenance work. > - Dependabot configuration is part of that maintenance path because it determines how dependency updates reach the repo and CI. > - PR #7483 changed `.github/dependabot.yml` to group all npm patch/minor updates by dependency type. > - That immediately produced a 26-package grouped PR that was difficult to merge and contradicted the board's decision to return to one-PR-per-bump. > - This pull request reverts only the grouping behavior while preserving the rest of the Dependabot schedule, labels, limits, and ignore rules. > - The benefit is a narrower, more reviewable Dependabot flow that restores the previous operational behavior without changing unrelated CI settings. ## What Changed - Removed the npm `groups:` block from `.github/dependabot.yml`. - Left the existing weekly schedule, labels, open PR limit, and major-version ignore rules unchanged. - Isolated the revert onto a clean branch containing only commit `446453516c` so this PR does not include unrelated local CI work. ## Verification - `ruby -e 'require "yaml"; YAML.load_file(".github/dependabot.yml")'` - `git diff --check origin/master..PAPA-522-revert-dependabot-grouping` - Inspect the PR diff and confirm only `.github/dependabot.yml` changed. ## Risks - Low risk. This only removes the grouping stanza and restores previous Dependabot behavior. - Operationally, this returns to a higher number of smaller Dependabot PRs, which is the intended tradeoff for easier mergeability and triage. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex via the local `codex_local` Paperclip adapter, GPT-5-based coding agent backend with tool use and shell execution enabled. The exact backend model ID/context window is not exposed by this adapter run. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [ ] I have run tests locally and they pass - [ ] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [ ] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --- .github/dependabot.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fac123de..ff0b3514 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,18 +9,6 @@ updates: open-pull-requests-limit: 10 labels: - "dependencies" - groups: - # Bundle all patch/minor updates of the same dependency type into one - # weekly PR. Prevents partial bumps of sibling packages that share - # peer dependencies (e.g. lexical + @lexical/*), which otherwise - # install two copies of the core package and break type-checking. - # Majors stay as individual PRs (and are ignored below anyway). - production-dependencies: - dependency-type: "production" - update-types: ["patch", "minor"] - development-dependencies: - dependency-type: "development" - update-types: ["patch", "minor"] ignore: # Ignore major version bumps — review those manually - dependency-name: "*"