feat: implement smart Dependabot dependency grouping to reduce PR noise #583
Problem
The current Dependabot configuration creates individual PRs for each dependency update, leading to significant noise and maintenance overhead. For a project with multiple package ecosystems (Python, npm, Docker, GitHub Actions), this could result in 20-30+ individual PRs monthly, making it difficult for maintainers to review and manage dependency updates effectively.
Solution
This PR implements a comprehensive smart grouping strategy for Dependabot that reduces PR noise while maintaining security and proper review processes:
🔧 Enhanced Coverage
/backend
package.json
🏷️ Smart Grouping Strategy
Dependencies are now grouped by type and impact level:
Python Backend:
python-runtime: Core dependencies (FastAPI, Neo4j, uvicorn) - minor/patch updates
python-dev-tools: Development tools (black, pytest, flake8) - minor/patch updates
python-major: All major updates (separate for careful review)
Frontend:
frontend-runtime: React, MUI, routing libraries - minor/patch updates
frontend-dev-tools: TypeScript, ESLint, Vite, testing tools - minor/patch updates
frontend-major: All major updates (separate for careful review)
Infrastructure:
github-actions: CI/CD workflow updates - minor/patch grouped
docker-images: Base image updates - minor/patch grouped
root-dev-tools: Configuration tools like Prettier - minor/patch grouped
📊 Expected Impact
Before: 20-30+ individual PRs monthly
After: ~6-10 grouped PRs monthly
dependencies label
📚 Documentation
Added .github/dependabot-groups.md explaining the grouping strategy and rationale for future maintainers.
This approach balances staying current with dependencies while significantly reducing maintenance overhead and reviewer fatigue.
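How the Python Backend groups listed in the description could be expressed in `.github/dependabot.yml`, as an added example that is not the configuration file from this PR. The weekly schedule and the lowercase package patterns are assumptions; the group names and the `/backend` directory come from the description.

```yaml
# Added example, not the dependabot.yml from this PR.
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/backend"
    schedule:
      interval: "weekly"          # assumption: the page does not state the interval
    groups:
      # Groups are matched in the order written; a dependency update is
      # assigned to the first group whose rules it satisfies.
      python-runtime:
        # applies-to defaults to version-updates when omitted. It is written
        # out here to make explicit that security updates are NOT folded into
        # this group and still arrive as their own PRs.
        applies-to: version-updates
        patterns:                 # assumed package names for the listed tools
          - "fastapi"
          - "neo4j"
          - "uvicorn"
        update-types:
          - "minor"
          - "patch"
      python-dev-tools:
        applies-to: version-updates
        patterns:
          - "black"
          - "pytest"
          - "flake8"
        update-types:
          - "minor"
          - "patch"
      # Catch-all for major bumps, kept separate so that breaking changes
      # get their own review.
      python-major:
        applies-to: version-updates
        patterns:
          - "*"
        update-types:
          - "major"
```

A minor or patch update to a package matched by neither named group is not grouped by this configuration and is opened as an individual PR.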