From 4611506192e522326a50e6486c30dffe6e77e104 Mon Sep 17 00:00:00 2001 From: Heni Nechi Date: Fri, 15 May 2026 11:03:40 +0100 Subject: [PATCH 1/2] chore(ci): add Dependabot cooldown for pre-commit hooks (PTFM-24090) [skip ci] Adds Dependabot pre-commit ecosystem with a 7-day cooldown to slow down hook version updates and reduce noise from unstable releases. Ref: https://kpler.atlassian.net/browse/PTFM-24090 [skip ci] --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d0bf4e4..cf4e1db 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,3 +7,9 @@ updates: interval: "weekly" cooldown: # Reduce supply chain attack risk default-days: 7 + - package-ecosystem: "pre-commit" + directory: "/" + schedule: + interval: "weekly" + cooldown: + default-days: 7 From f9d46cfbf1bdfe686995a8fc25e0a1d66c1d81e7 Mon Sep 17 00:00:00 2001 From: Heni Nechi Date: Tue, 19 May 2026 09:59:20 +0100 Subject: [PATCH 2/2] chore(ci): add SHA pinning and grouping to pre-commit Dependabot config (PTFM-24090) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extends the Dependabot pre-commit configuration added in the previous commit: - SHA-pin all pre-commit hook revs (with version tag as inline comment) so Dependabot can keep them up-to-date via the # vX.Y.Z marker. - Add minor-and-patch grouping to batch minor/patch hook updates into one PR. - Add dependencies label and cooldown comment for consistency. - Remove the cron-update-pre-commit-hooks workflow (now superseded by Dependabot). Validated on Kpler/platform-demo-api — Dependabot detected the config and opened a SHA-update PR within minutes of merge. Ref: https://kpler.atlassian.net/browse/PTFM-24090 --- .github/dependabot.yml | 9 ++++++++- .pre-commit-config.yaml | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cf4e1db..df79362 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,5 +11,12 @@ updates: directory: "/" schedule: interval: "weekly" - cooldown: + cooldown: # Reduce supply chain attacks risk default-days: 7 + labels: + - "dependencies" + groups: + minor-and-patch: + update-types: + - "minor" + - "patch" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5470379..e1cf161 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b # v5.0.0 hooks: - id: check-yaml - id: end-of-file-fixer @@ -8,7 +8,7 @@ repos: stages: [commit] - id: trailing-whitespace - repo: https://github.com/Lucas-C/pre-commit-hooks - rev: v1.5.5 + rev: a30f0d816e5062a67d87c8de753cfe499672b959 # v1.5.5 hooks: - id: forbid-crlf - id: remove-crlf