Dependabot Enhancements:

- Ignore updating patch versions to focus on major and minor updates.
- Limit number of PRs opened.
- Add dependabot labeler workflow to add required labels to automatically add PRs to merge queues.
- Add merge_group condition on test workflows to be ran on merge queues.

Author: ChristianZaccaria

Diff for: .github/dependabot.yml

@@ -4,26 +4,39 @@
 version: 2
 updates:
   # This is to update requirements.txt files in the guided-demos, and e2e directories.
-  # The group configuration option is used to group updates for consistency across related directories.
   - package-ecosystem: "pip"
     directories:
       - "**/demo-notebooks/guided-demos*"
       - "/tests/e2e"
     schedule:
-      interval: "weekly"
-    groups:
-      requirements.txt:
-        patterns:
-          - "*"
-    open-pull-requests-limit: 10
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]
+    open-pull-requests-limit: 4
     labels:
       - "test-guided-notebooks"
 
   # pip means poetry in this case, this keeps poetry.lock up to date with constraints in pyproject.toml.
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]
+    open-pull-requests-limit: 1
     labels:
       - "test-guided-notebooks"
+
+  # npm means yarn in this case, this keeps yarn.lock up to date with constraints in package.json.
+  - package-ecosystem: "npm"
+    directory: "/ui-tests"
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]
+    open-pull-requests-limit: 1
+    labels:
+      - "test-ui-notebooks"

Diff for: .github/workflows/dependabot-labeler.yaml

@@ -0,0 +1,17 @@
+# This workflow file adds the 'lgtm' and 'approved' labels to Dependabot PRs
+# This is done to ensure that the PRs that pass e2e are automatically merged/added to merge-queues by the CodeFlare bot
+name: Dependabot Labeler
+
+on:
+  pull_request:
+
+jobs:
+    add-approve-lgtm-label:
+        if: github.actor == 'dependabot[bot]'
+        runs-on: ubuntu-latest
+        steps:
+            - name: Add approve and lgtm labels to Dependabot PR
+              run: |
+                  gh pr edit ${{ github.event.pull_request.number }} --add-label "lgtm" --add-label "approved"
+              env:
+                GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }}

Diff for: .github/workflows/e2e_tests.yaml

@@ -19,6 +19,7 @@ on:
       - '**.adoc'
       - '**.md'
       - 'LICENSE'
+  merge_group:
 
 concurrency:
   group: ${{ github.head_ref }}-${{ github.workflow }}

Diff for: .github/workflows/pre-commit.yaml

@@ -7,6 +7,7 @@ on:
       - 'v*'
   pull_request:
   workflow_dispatch:
+  merge_group:
 
 jobs:
   precommit:

Diff for: .github/workflows/unit-tests.yml

@@ -5,6 +5,7 @@ on:
     branches: [ main ]
   pull_request:
     branches: [ main ]
+  merge_group:
 
 jobs:
   unit-tests: