mirror of
https://github.com/johnkerl/miller.git
synced 2026-07-17 16:38:54 +00:00
Group codeql-action Dependabot bumps to keep init/autobuild/analyze in sync
The workflow pins all three codeql-action steps to the same commit SHA, but Dependabot was opening separate PRs per action path, so merging just one broke CI with a CodeQL config-version mismatch. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This commit is contained in:
parent
ed9a61702c
commit
aa831d0b89
1 changed files with 7 additions and 0 deletions
7
.github/dependabot.yml
vendored
7
.github/dependabot.yml
vendored
|
|
@ -10,6 +10,13 @@ updates:
|
|||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
groups:
|
||||
# The codeql-analysis.yml workflow pins init/autobuild/analyze to the
|
||||
# same commit SHA, so they must be bumped together or CI breaks with a
|
||||
# CodeQL config-version mismatch.
|
||||
codeql-action:
|
||||
patterns:
|
||||
- "github/codeql-action/*"
|
||||
|
||||
# Maintain dependencies for Go
|
||||
- package-ecosystem: "gomod"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue