ci(dependabot): improve schedules #16803

Merged
merged 6 commits into from
Nov 13, 2024

busla
Member

@busla busla commented Nov 11, 2024

...

Attach a link to issue if relevant

What

Specify what you're trying to achieve

Why

Specify why you need to achieve this

Screenshots / Gifs

Attach Screenshots / Gifs to help reviewers understand the scope of the pull request

Checklist:

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • Formatting passes locally with my changes
  • I have rebased against main before asking for a review

Summary by CodeRabbit

  • New Features

    • Introduced enhanced management for npm dependencies in a monorepo setup.
    • Added new sections for managing dependencies in the root and /infra directories.
  • Improvements

    • Updated scheduling for dependency updates to run weekly at 04:00 UTC for GitHub Actions and 05:00 UTC for npm dependencies.
    • Implemented structured grouping for minor and patch updates, while ignoring major updates to prevent breaking changes.
    • Limited the number of open pull requests to two for each section for better organization.
  • Bug Fixes

    • Improved organization and clarity of dependency management across the project.

@busla busla requested a review from a team as a code owner November 11, 2024 22:46
Contributor

coderabbitai bot commented Nov 11, 2024

Walkthrough

The pull request modifies the .github/dependabot.yml configuration to enhance the management of npm dependencies and GitHub Actions in a monorepo setup. It introduces new sections for npm dependencies in the root and /infra directories, establishes a weekly update schedule for various components, and categorizes updates with commit message prefixes. The scheduling for GitHub Actions and CI Scripts dependencies is also updated to a weekly frequency, with structured grouping for minor and patch updates while ignoring major updates.

Changes

File path: .github/dependabot.yml
Change summary:
- Added sections for npm dependencies in root and /infra directories with weekly update schedule.
- Updated GitHub Actions and CI Scripts sections to weekly updates.
- Structured grouping for minor/patch updates and ignored major updates.

Possibly related PRs

  • chore: add dependabot to scripts #15440: This PR adds a new configuration for npm package ecosystem in the /scripts/ci/cache directory, which is directly related to the changes made in the main PR regarding npm dependencies management.
  • fix(CI): Use own buildkit image for buildx #16716: This PR updates the GitHub Actions workflow configuration in the .github/workflows/push.yml file, which is relevant as the main PR also modifies GitHub Actions settings for dependency updates.

Suggested labels

deploy-feature

Suggested reviewers

  • lodmfjord
  • brynjarorng

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)
.github/dependabot.yml (3)

4-30: Consider weekly updates instead of daily for the root directory

For a monorepo setup, daily updates can generate too many PRs and create noise. Since you've configured weekly updates for other sections, consider aligning this section with the same schedule for consistency.

     schedule:
-      interval: daily
+      interval: weekly
+      day: 'monday'
       time: '04:00'
       timezone: 'Etc/UTC'
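
Review bot: the added `day: 'monday'` is picked here without reference to the other sections, although consistency with them is the stated reason for the change. Take the day from the existing weekly sections, and give this section a `time` that differs from theirs if `'04:00'` is already used there, so the weekly runs do not all open pull requests in the same slot.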

60-74: Consider grouping GitHub Actions updates

Adding a group configuration for GitHub Actions updates could help reduce PR noise by combining related updates.

     commit-message:
       prefix: 'chore(ci)'
     open-pull-requests-limit: 2
+    groups:
+      github-actions:
+        patterns:
+          - '*'
+        update-types:
+          - 'minor'
+          - 'patch'
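
Review bot: the added `github-actions` group lists only `minor` and `patch` under `update-types`, so major action bumps fall outside it and are raised as one pull request each, counting against `open-pull-requests-limit: 2`. Either add an `ignore` rule for major updates to this section or state that ungrouped majors are intended. With `patterns: '*'` every action bump lands in a single pull request, so each bumped action in it still needs its own review.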

4-114: Consider adding reviewer assignments

To streamline the review process, consider adding reviewers configuration to each section. This ensures that appropriate team members are automatically assigned to review dependency updates.

Example addition for each section:

    reviewers:
      - "team-name"  # Replace with actual team/username
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 53d02ef and 0de8a3e.

📒 Files selected for processing (1)
  • .github/dependabot.yml (1 hunks)
🔇 Additional comments (1)
.github/dependabot.yml (1)

32-58: LGTM! Well-structured configuration for infrastructure dependencies

The weekly schedule, update grouping, and version constraints are appropriately configured for infrastructure dependencies.

Member

@AndesKrrrrrrrrrrr AndesKrrrrrrrrrrr left a comment


Very nice ❤️

Consider removing quotes when not necessary (docs)

@busla busla added the automerge Merge this PR as soon as all checks pass label Nov 12, 2024
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)
.github/dependabot.yml (2)

4-31: Consider using YAML anchors to reduce configuration duplication

The configuration is well-structured with appropriate grouping, scheduling, and version constraints. However, since similar patterns are repeated across sections, consider using YAML anchors to reduce duplication and improve maintainability.

Example refactor using YAML anchors:

version: 2

# Define common configurations as anchors
x-common-schedule: &common-schedule
  interval: weekly
  timezone: Etc/UTC
  day: saturday

x-common-labels: &common-labels
  - automerge
  - dependencies

x-common-groups: &common-groups
  minor-patch-dependencies:
    patterns:
      - '*'
    update-types:
      - minor
      - patch

x-common-ignore: &common-ignore
  - dependency-name: '*'
    update-types: ['version-update:semver-major']

updates:
  - package-ecosystem: npm
    directory: /
    schedule:
      <<: *common-schedule
      time: 02:00
    labels: *common-labels
    commit-message:
      prefix: chore(deps)
      prefix-development: chore(deps-dev)
    open-pull-requests-limit: 2
    groups: *common-groups
    ignore: *common-ignore
    versioning-strategy: increase

100-101: Consider using distinct commit message prefixes

Both the GitHub Actions npm dependencies and CI Scripts dependencies use the same prefix chore(ci-deps). Consider using more specific prefixes to distinguish between them:

# For GitHub Actions npm dependencies
    commit-message:
-     prefix: chore(ci-deps)
+     prefix: chore(ci-actions-deps)

# For CI Scripts dependencies
    commit-message:
-     prefix: chore(ci-deps)
+     prefix: chore(ci-scripts-deps)

Also applies to: 128-129

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 0de8a3e and 4a30a4c.

📒 Files selected for processing (1)
  • .github/dependabot.yml (1 hunks)
🔇 Additional comments (3)
.github/dependabot.yml (3)

61-87: Improved GitHub Actions configuration with proper version constraints

The changes successfully address previous review comments by adding proper grouping for minor/patch updates and ignoring major updates to prevent breaking changes.


8-11: Well-designed update schedule

The staggered timing for different dependency updates (02:00-06:00 UTC on Saturdays) is a good practice that helps:

  • Prevent overwhelming CI resources
  • Make it easier to debug if issues occur
  • Provide a clear update window for the team

Also applies to: 37-39, 65-68, 93-96, 121-124


44-45: Verify the commit message prefix strategy

The development dependencies prefix chore(deps-infra) differs from the root configuration's chore(deps-dev). Ensure this distinction is intentional and documented.

✅ Verification successful

Different prefix for infrastructure dependencies is acceptable

The distinction between chore(deps-infra) for infrastructure dependencies and chore(deps-dev) for root development dependencies is acceptable. This separation helps clearly distinguish between infrastructure-specific dependency updates and general development dependencies, making the commit history more organized and easier to track. No documentation of this prefix strategy is strictly necessary as the prefixes are self-explanatory in the context of the dependabot configuration.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if this prefix pattern is used consistently in the repository
rg -l "deps-infra" .

Length of output: 20


Script:

#!/bin/bash
# Search for any commit message prefixes in documentation or configuration
rg -i "chore\(deps[^)]*\)" .

# Check for any conventional commit documentation or configuration
fd -g "*commit*" -t f

Length of output: 424


Script:

#!/bin/bash
# Look for conventional commit configuration in common locations
fd -e json -e yaml -e yml -e config -x cat {} \; | rg -i "commit|deps|prefix"

# Check package.json files for commit-related configurations
fd package.json -x cat {} \; | rg -i "commit|deps|prefix"

Length of output: 3688
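
The properties the two reviews above single out (weekly interval, staggered schedule slots, a minor/patch group, a semver-major ignore rule, at most two open pull requests) can be enforced as a CI check on the config. This is an added example, not code from this PR or its repository: `check`, `entry` and `SAMPLE` are hypothetical names, the sample config is constructed, and the YAML is assumed to be already parsed into a dict.

```python
# Added example: policy check over a parsed .github/dependabot.yml (parsing assumed done).
MAJOR = "version-update:semver-major"

def entry(ecosystem, directory, time, overrides=None):
    # Build one constructed `updates` entry shaped like the sections this PR describes.
    base = {
        "package-ecosystem": ecosystem,
        "directory": directory,
        "schedule": {"interval": "weekly", "day": "saturday", "time": time},
        "labels": ["automerge", "dependencies"],
        "open-pull-requests-limit": 2,
        "groups": {"minor-patch": {"patterns": ["*"], "update-types": ["minor", "patch"]}},
        "ignore": [{"dependency-name": "*", "update-types": [MAJOR]}],
    }
    base.update(overrides or {})
    return base

def ignores_major(e):
    """True if a wildcard ignore rule blocks semver-major updates."""
    return any(r.get("dependency-name") == "*" and MAJOR in r.get("update-types", [])
               for r in e.get("ignore", []))

def groups_minor_patch(e):
    """True if one group matches every dependency for minor and patch bumps."""
    return any("*" in g.get("patterns", [])
               and {"minor", "patch"} <= set(g.get("update-types", []))
               for g in e.get("groups", {}).values())

def check(config, max_open_prs=2):
    """Return (directory, ecosystem, problem) tuples in file order."""
    findings, slots = [], {}
    for e in config.get("updates", []):
        where = (e.get("directory"), e.get("package-ecosystem"))
        sched = e.get("schedule", {})
        slot = (sched.get("day"), sched.get("time"))
        problems = []
        if sched.get("interval") != "weekly":
            problems.append("schedule is not weekly")
        if slot in slots:  # two sections firing together defeats the staggering
            problems.append("shares schedule slot with %s (%s)" % slots[slot])
        slots.setdefault(slot, where)
        if not groups_minor_patch(e):
            problems.append("no group covering minor and patch updates")
        if not ignores_major(e) and "automerge" in e.get("labels", []):
            problems.append("automerge label without a semver-major ignore rule")
        limit = e.get("open-pull-requests-limit")
        if limit is None or limit > max_open_prs:
            problems.append("open-pull-requests-limit missing or above %d" % max_open_prs)
        findings += [where + (p,) for p in problems]
    return findings

# Constructed sample: /infra drops the ignore rule; the actions entry reuses 02:00.
SAMPLE = {"version": 2, "updates": [
    entry("npm", "/", "02:00"),
    entry("npm", "/infra", "03:00", {"ignore": []}),
    entry("github-actions", "/", "02:00", {"open-pull-requests-limit": 10}),
]}
```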


codecov bot commented Nov 13, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.43%. Comparing base (c40a213) to head (4a30a4c).
Report is 1 commits behind head on main.


@@            Coverage Diff             @@
##             main   #16803      +/-   ##
==========================================
- Coverage   36.44%   36.43%   -0.01%     
==========================================
  Files        6852     6852              
  Lines      143471   143492      +21     
  Branches    40946    40952       +6     
==========================================
+ Hits        52283    52287       +4     
- Misses      91188    91205      +17     
Flag Coverage Δ
air-discount-scheme-web 0.00% <ø> (ø)
api 3.34% <ø> (ø)
application-api-files 62.45% <ø> (ø)
application-core 70.98% <ø> (-0.08%) ⬇️
application-system-api 40.97% <ø> (+<0.01%) ⬆️
application-template-api-modules 27.64% <ø> (+0.01%) ⬆️
application-templates-accident-notification 28.98% <ø> (ø)
application-templates-car-recycling 3.12% <ø> (ø)
application-templates-criminal-record 25.87% <ø> (ø)
application-templates-driving-license 18.26% <ø> (ø)
application-templates-estate 12.14% <ø> (ø)
application-templates-example-payment 24.80% <ø> (ø)
application-templates-financial-aid 15.48% <ø> (ø)
application-templates-general-petition 23.07% <ø> (ø)
application-templates-inheritance-report 6.52% <ø> (ø)
application-templates-marriage-conditions 15.04% <ø> (ø)
application-templates-mortgage-certificate 43.22% <ø> (ø)
application-templates-parental-leave 29.83% <ø> (ø)
application-types 6.60% <ø> (ø)
application-ui-components 1.27% <ø> (ø)
application-ui-shell 20.83% <ø> (-0.01%) ⬇️
auth-react 21.85% <ø> (ø)
clients-charge-fjs-v2 24.11% <ø> (ø)
contentful-apps 4.69% <ø> (ø)
financial-aid-backend 51.26% <ø> (ø)
financial-aid-shared 17.81% <ø> (ø)
island-ui-core 28.88% <ø> (ø)
judicial-system-web 27.13% <ø> (-0.36%) ⬇️
portals-admin-regulations-admin 1.85% <ø> (ø)
portals-core 15.89% <ø> (-0.02%) ⬇️
services-auth-personal-representative 45.56% <ø> (-0.03%) ⬇️
shared-components 26.90% <ø> (-0.02%) ⬇️
shared-form-fields 31.26% <ø> (-0.04%) ⬇️
web 1.80% <ø> (ø)


see 4 files with indirect coverage changes


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@datadog-island-is

Datadog Report

All test runs 2467118 🔗

34 Total Test Services: 0 Failed, 32 Passed
🔻 Test Sessions change in coverage: 2 decreased, 4 increased, 144 no change

Test Services
This report shows up to 10 services
Service Name Failed Known Flaky New Flaky Passed Skipped Total Time Code Coverage Change Test Service View
air-discount-scheme-web 0 0 0 2 0 6.9s 1 no change Link
api 0 0 0 4 0 3.15s 1 no change Link
application-api-files 0 0 0 2 0 5.18s 1 no change Link
application-core 0 0 0 97 0 20.39s 1 decreased (-0.1%) Link
application-system-api 0 0 0 112 2 3m 39.17s 1 no change Link
application-template-api-modules 0 0 0 113 0 2m 31.37s 1 no change Link
application-templates-accident-notification 0 0 0 148 0 20.12s 1 no change Link
application-templates-criminal-record 0 0 0 2 0 11.88s 1 no change Link
application-templates-driving-license 0 0 0 13 0 13.3s 1 no change Link
application-templates-example-payment 0 0 0 2 0 10.3s 1 no change Link

🔻 Code Coverage Decreases vs Default Branch (2)

  • judicial-system-web - jest 31.39% (-0.38%) - Details
  • application-core - jest 78.59% (-0.1%) - Details

@kodiakhq kodiakhq bot merged commit 5101411 into main Nov 13, 2024
121 checks passed
@kodiakhq kodiakhq bot deleted the ci/improve-schedules branch November 13, 2024 09:15
jonnigs pushed a commit that referenced this pull request Nov 26, 2024
* ci(dependabot): improve schedules

* chore(deps): fix schedule

* chore: better grouping

---------

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>