Skip to content

chore: add ai-extensions to dependabot sync#23

Open
brooke-hamilton wants to merge 1 commit into
mainfrom
brooke-hamilton-add-ai-extensions-dependabot-sync
Open

chore: add ai-extensions to dependabot sync#23
brooke-hamilton wants to merge 1 commit into
mainfrom
brooke-hamilton-add-ai-extensions-dependabot-sync

Conversation

@brooke-hamilton

Copy link
Copy Markdown
Member

Summary

Adds radius-project/ai-extensions to the Dependabot section of .github/sync.yml so a dependabot.yml gets generated for it.

Rationale

ai-extensions was already in the main sync group but was missing from the Dependabot section, so no dependabot.yml was being generated for it.

It is a pnpm monorepo with three package.json manifests: /, /radius-core, and /adapters/canvas. The glob /adapters/* covers canvas plus any future adapter. pnpm is declared under type: npm — Dependabot has no separate pnpm ecosystem and auto-detects pnpm from pnpm-lock.yaml. It also has GitHub Actions workflows, so github-actions is included at the repo root.

Change

  - repos: |
      radius-project/ai-extensions
    files:
      - source: sync-templates/.github/dependabot.yml.njk
        dest: .github/dependabot.yml
        template:
          ecosystems:
            - type: github-actions
            - type: npm
              directories:
                - "/"
                - "/radius-core"
                - "/adapters/*"

Validated that .github/sync.yml still parses as valid YAML.

ai-extensions is a pnpm monorepo with package.json manifests at /, /radius-core, and /adapters/canvas. The /adapters/* glob covers canvas plus future adapters. pnpm is declared under type: npm (Dependabot auto-detects pnpm from pnpm-lock.yaml). github-actions is included for the repo's workflows. ai-extensions was already in the main sync group but missing from the Dependabot section, so no dependabot.yml was being generated for it.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Brooke Hamilton <45323234+brooke-hamilton@users.noreply.github.com>
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository sync configuration so that radius-project/ai-extensions receives a generated .github/dependabot.yml during the org-wide sync process, aligning it with other repos that already get Dependabot config via the shared template.

Changes:

  • Add radius-project/ai-extensions to the Dependabot section of .github/sync.yml.
  • Configure Dependabot generation for github-actions at repo root and npm updates across the monorepo paths (/, /radius-core, /adapters/*).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pr:standard Standard pull request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants