ponder-lab / Hybridize-Functions-Refactoring / 25388690628
72%

Build:
DEFAULT BRANCH: main
Ran 05 May 2026 04:29PM UTC
Jobs 1
Files 29
Run time 1min
05 May 2026 04:19PM UTC coverage: 71.262%. Remained the same
push

github

web-flow
Drop broken dependabot auto-approve/auto-merge workflows; group bumps instead (#446)

* Drop broken dependabot auto-approve/auto-merge workflows; group bumps instead

The two workflows in `.github/workflows/dependabot-auto-{approve,merge}.yml`
have been silently no-op'ing for years:

1. **`dependabot-auto-merge.yml`** had its `if:` guard left as the literal
   placeholder from GitHub's docs example:
   `contains(steps.metadata.outputs.dependency-names, 'my-dependency')`.
   `'my-dependency'` was never customized to a real dependency name, so
   the merge step was always gated false. The workflow's *job* succeeded
   on every run (creating a false sense of automation), but the actual
   `gh pr merge --auto` call inside the conditional step never executed.

2. **Both workflows** triggered on `pull_request` instead of
   `pull_request_target`. Workflows fired by dependabot under
   `pull_request` get a read-only `GITHUB_TOKEN`, so even when the
   conditional reached the `gh` calls they would have failed silently.

In practice we have been hand-managing dependabot PRs the whole time —
review + `gh pr merge --auto` — and that's the right shape:

- Dependabot PRs need judgment that "auto-merge patch-only" doesn't
  capture (today: PR #418 was already superseded by main; #424 is a
  major skipping two majors; #425 mid-week shifted from a minor to a
  major bump target). The patch/minor/major axis isn't where the actual
  risk lives.
- Reviewing takes seconds once volume is low. The right knob is
  *reducing volume*, not automating-away review.

Replace the broken workflows with a grouped `dependabot.yml`:

- **Maven**: groups `org.apache.maven.plugins:*`, `org.codehaus.mojo:*`,
  `com.diffplug.spotless:*`, `com.puppycrawl.tools:*`, `org.jacoco:*`
  patch+minor updates into a single weekly PR. Major bumps stay
  individual (they need per-PR review anyway).
- **pip**: groups Python tooling patch+minor; keeps the `tensorflow`
  ignore (test corpus is pinned to... (continued)

1101 of 1545 relevant lines covered (71.26%)

0.71 hits per line

Jobs
ID | Job ID | Ran | Files | Coverage
1 | 25388690628.1 | 05 May 2026 04:29PM UTC | 29 | 71.26
  • 006adfa5 on github