Skip to content

chore: add dependabot config #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
yakimoto wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: add dependabot config #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
version: 2
updates:
- package-ecosystem: npm
directory: /sdk-quickstart
schedule:
interval: weekly
- package-ecosystem: npm
directory: /mcp-server-setup
schedule:
interval: weekly
- package-ecosystem: npm
directory: /adk-hello-agent
schedule:
interval: weekly
Comment on lines +3 to +14
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check for workspace configuration in package.json files

echo "=== Checking for npm workspace setup ==="

# Check root package.json for workspaces field
if [ -f package.json ]; then
  echo "Root package.json:"
  cat package.json | jq -r 'if .workspaces then "Workspaces: \(.workspaces)" else "No workspaces field" end'
fi

echo -e "\n=== Checking each directory's package.json ==="
for dir in sdk-quickstart mcp-server-setup adk-hello-agent; do
  if [ -f "$dir/package.json" ]; then
    echo -e "\n$dir/package.json exists"
    cat "$dir/package.json" | jq -r '.name // "no name"' | sed 's/^/  Package name: /'
  else
    echo -e "\n$dir/package.json NOT FOUND"
  fi
done

echo -e "\n=== Checking for lockfiles ==="
fd -t f 'package-lock.json|yarn.lock|pnpm-lock.yaml' -x echo "Found: {}"

Repository: wave-av/examples

Length of output: 430

Remove /mcp-server-setup from Dependabot configuration or add a package.json file to that directory.

The configuration for /mcp-server-setup will not work—Dependabot requires a package.json file in each configured directory to manage dependencies. Only /sdk-quickstart and /adk-hello-agent have package.json files.

To fix:

  1. Either remove the /mcp-server-setup entry from .github/dependabot.yml
  2. Or add a package.json file to /mcp-server-setup if it should have npm dependencies managed

Additionally, consider these improvements for the remaining directories:

  • Add open-pull-requests-limit to prevent excessive simultaneous PRs:
- package-ecosystem: npm
  directory: /sdk-quickstart
  schedule:
    interval: weekly
  open-pull-requests-limit: 10
  • Add grouping rules to batch dependency updates by type and reduce PR noise
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/dependabot.yml around lines 3 - 14, The dependabot config contains
an entry for /mcp-server-setup but that directory lacks a package.json so
Dependabot will fail; either remove the /mcp-server-setup stanza from
.github/dependabot.yml or add a valid package.json to /mcp-server-setup so npm
updates can run, and for the remaining entries (e.g., /sdk-quickstart and
/adk-hello-agent) add an open-pull-requests-limit setting
(open-pull-requests-limit: 10) and optional grouping rules to batch updates by
type to reduce PR noise.

Loading