Skip to content

[github-actions] Ignore gh-aw-managed actions in dependabot config#25903

Merged
rolfbjarne merged 1 commit into
mainfrom
dev/rolf/fix-dependabot-ignore-ghaw-actions
Jul 1, 2026
Merged

[github-actions] Ignore gh-aw-managed actions in dependabot config#25903
rolfbjarne merged 1 commit into
mainfrom
dev/rolf/fix-dependabot-ignore-ghaw-actions

Conversation

@rolfbjarne

Copy link
Copy Markdown
Member

Actions like actions/cache/save, actions/cache/restore, actions/download-artifact,
and actions/setup-node are only used in gh-aw generated workflow files (*.lock.yml
and agentics-maintenance.yml). Dependabot should not bump these since they are
managed by the gh-aw compiler.

Fixes #25897
Fixes #25899

🤖 Pull request created by Copilot

Actions like actions/cache/save, actions/cache/restore, actions/download-artifact,
and actions/setup-node are only used in gh-aw generated workflow files (*.lock.yml
and agentics-maintenance.yml). Dependabot should not bump these since they are
managed by the gh-aw compiler.

Fixes #25897
Fixes #25899

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 1, 2026 18:23

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s Dependabot configuration to stop proposing version bumps for GitHub Actions that are only referenced from gh-aw–generated workflow files, keeping those action versions managed exclusively by the gh-aw compiler.

Changes:

  • Extend .github/dependabot.yml ignore rules to cover actions/cache/**, actions/download-artifact, and actions/setup-node.
  • Add clarifying comments documenting that these actions appear only in gh-aw generated workflow files and should not be updated by Dependabot.

@rolfbjarne rolfbjarne merged commit 855705d into main Jul 1, 2026
12 checks passed
@rolfbjarne rolfbjarne deleted the dev/rolf/fix-dependabot-ignore-ghaw-actions branch July 1, 2026 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants