Files
paperclip/.github/dependabot.yml
T
Devin Foley 9d1f1f5e33 revert(ci): remove dependabot dependency grouping (#7560)
## Thinking Path

> - Paperclip orchestrates AI agents for zero-human companies, so its
automation and CI surfaces need to stay reliable enough for agent-driven
maintenance work.
> - Dependabot configuration is part of that maintenance path because it
determines how dependency updates reach the repo and CI.
> - PR #7483 changed `.github/dependabot.yml` to group all npm
patch/minor updates by dependency type.
> - That immediately produced a 26-package grouped PR that was difficult
to merge and contradicted the board's decision to return to
one-PR-per-bump.
> - This pull request reverts only the grouping behavior while
preserving the rest of the Dependabot schedule, labels, limits, and
ignore rules.
> - The benefit is a narrower, more reviewable Dependabot flow that
restores the previous operational behavior without changing unrelated CI
settings.

## What Changed

- Removed the npm `groups:` block from `.github/dependabot.yml`.
- Left the existing weekly schedule, labels, open PR limit, and
major-version ignore rules unchanged.
- Isolated the revert onto a clean branch containing only commit
`446453516c` so this PR does not include unrelated local CI work.

## Verification

- `ruby -e 'require "yaml"; YAML.load_file(".github/dependabot.yml")'`
- `git diff --check origin/master..PAPA-522-revert-dependabot-grouping`
- Inspect the PR diff and confirm only `.github/dependabot.yml` changed.

## Risks

- Low risk. This only removes the grouping stanza and restores previous
Dependabot behavior.
- Operationally, this returns to a higher number of smaller Dependabot
PRs, which is the intended tradeoff for easier mergeability and triage.

> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.

## Model Used

- OpenAI Codex via the local `codex_local` Paperclip adapter,
GPT-5-based coding agent backend with tool use and shell execution
enabled. The exact backend model ID/context window is not exposed by
this adapter run.

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [ ] I have run tests locally and they pass
- [ ] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [ ] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-06-04 21:54:17 -07:00

24 lines
530 B
YAML

version: 2
updates:
- package-ecosystem: npm
directory: "/"
schedule:
interval: weekly
day: monday
time: "06:00"
open-pull-requests-limit: 10
labels:
- "dependencies"
ignore:
# Ignore major version bumps — review those manually
- dependency-name: "*"
update-types: ["version-update:semver-major"]
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: weekly
day: monday
time: "06:00"
open-pull-requests-limit: 5