From 7f312d83cd77092f535909bd59df87b8e6d95c30 Mon Sep 17 00:00:00 2001 From: Gert Goet Date: Wed, 17 Jun 2026 13:23:09 +0200 Subject: [PATCH 1/2] Manage GitHub Actions upgrades via Dependabot Add a github-actions Dependabot config (weekly, grouped) and SHA-pin ci.yml so Dependabot tracks both workflows by digest. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/dependabot.yml | 10 ++++++++++ .github/workflows/ci.yml | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..09c446a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index eee8394..38f6b1b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,8 +14,8 @@ jobs: matrix: ruby: ["3.3", "3.4", "head"] steps: - - uses: actions/checkout@v4 - - uses: ruby/setup-ruby@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: ruby/setup-ruby@89f90524b88a01fe6e0b732220432cc6142926af # v1.313.0 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true From fcc07b945cef926927167a5a7a66ce7ba7385aee Mon Sep 17 00:00:00 2001 From: Gert Goet Date: Wed, 17 Jun 2026 13:39:05 +0200 Subject: [PATCH 2/2] Extend Dependabot to Bundler and widen CI Ruby matrix Add a bundler ecosystem entry (weekly, grouped) so gem deps also get PR-based upgrades. Test Ruby 3.1/3.2 in addition to 3.3/3.4/4.0/head. Kept minitest at ~> 5.0: minitest 6 requires Ruby >= 3.2, which would drop the gem's 3.1 support. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/dependabot.yml | 8 ++++++++ .github/workflows/ci.yml | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 09c446a..51ea3b1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,3 +8,11 @@ updates: github-actions: patterns: - "*" + - package-ecosystem: bundler + directory: "/" + schedule: + interval: weekly + groups: + bundler: + patterns: + - "*" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 38f6b1b..cde85c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: strategy: fail-fast: false matrix: - ruby: ["3.3", "3.4", "head"] + ruby: ["3.1", "3.2", "3.3", "3.4", "4.0", "head"] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ruby/setup-ruby@89f90524b88a01fe6e0b732220432cc6142926af # v1.313.0