(logging-log4j2) branch 2.x updated: Group Dependabot PRs and remove `merge-dependabot` (#3990)

pkarwasz Thu, 11 Dec 2025 11:48:35 -0800

This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git



The following commit(s) were added to refs/heads/2.x by this push:
     new a6bc86ed2e Group Dependabot PRs and remove `merge-dependabot` (#3990)
a6bc86ed2e is described below

commit a6bc86ed2e7a3ecfca68e65c8958536a4157e184
Author: Piotr P. Karwasz <[email protected]>
AuthorDate: Thu Dec 11 20:47:49 2025 +0100

    Group Dependabot PRs and remove `merge-dependabot` (#3990)
    
    This change adds grouping to all dependabot configurations to limit the
    number of open PRs to one.
    
    It also removes the `merge-dependabot` workflow, which is no longer
    useful in case of grouped upgrades.
---
 .github/dependabot.yaml                 | 90 +++++++++++++--------------------
 .github/workflows/build.yaml            |  1 -
 .github/workflows/merge-dependabot.yaml | 52 -------------------
 3 files changed, 34 insertions(+), 109 deletions(-)

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 6c73c48d8d..739cbc2728 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -44,48 +44,17 @@ registries:
 updates:
 
   - package-ecosystem: maven
-    directories:
-      - "/log4j-1.2-api"
-      - "/log4j-api-test"
-      - "/log4j-api"
-      - "/log4j-appserver"
-      - "/log4j-cassandra"
-      - "/log4j-core-fuzz-test"
-      - "/log4j-core-its"
-      - "/log4j-core-test"
-      - "/log4j-core"
-      - "/log4j-couchdb"
-      - "/log4j-docker"
-      - "/log4j-fuzz-test"
-      - "/log4j-iostreams"
-      - "/log4j-jakarta-jms"
-      - "/log4j-jakarta-smtp"
-      - "/log4j-jakarta-web"
-      - "/log4j-jcl"
-      - "/log4j-jdbc-dbcp2"
-      - "/log4j-jpa"
-      - "/log4j-jpl"
-      - "/log4j-jul"
-      - "/log4j-layout-template-json-fuzz-test"
-      - "/log4j-layout-template-json-test"
-      - "/log4j-layout-template-json"
-      - "/log4j-mongodb"
-        # `log4j-mongodb4` is in a separate run
-      - "/log4j-osgi-test"
-      - "/log4j-parent"
-      - "/log4j-perf-test"
-        # `log4j-slf4j-impl` is in a separate run
-      - "/log4j-slf4j2-impl-fuzz-test"
-      - "/log4j-slf4j2-impl"
-      - "/log4j-spring-boot"
-      - "/log4j-spring-cloud-config-client"
-      - "/log4j-taglib"
-      - "/log4j-to-jul"
-      - "/log4j-to-slf4j"
-      - "/log4j-web"
-    open-pull-requests-limit: 10
+    directory: "/"
+    exclude-paths:
+      # These use versions of MongoDB and SLF4J different
+      # from the remaining artifacts
+      - "/log4j-mongodb4"
+      - "/log4j-slf4j-impl"
     schedule:
-      interval: "daily"
+      interval: "monthly"
+    groups:
+      dependencies:
+        patterns: [ "*" ]
     target-branch: "2.x"
     registries:
       - maven-central
@@ -166,9 +135,11 @@ updates:
   - package-ecosystem: maven
     directories:
       - "/log4j-mongodb4"
-    open-pull-requests-limit: 10
     schedule:
-      interval: "daily"
+      interval: "monthly"
+    groups:
+      dependencies:
+        patterns: [ "*" ]
     target-branch: "2.x"
     registries:
       - maven-central
@@ -180,20 +151,19 @@ updates:
   - package-ecosystem: github-actions
     directory: "/"
     schedule:
-      interval: "daily"
-    target-branch: "2.x"
-
-  - package-ecosystem: npm
-    directory: "/"
-    schedule:
-      interval: "daily"
+      interval: "monthly"
+    groups:
+      dependencies:
+        patterns: [ "*" ]
     target-branch: "2.x"
 
   - package-ecosystem: maven
     directory: "/"
-    open-pull-requests-limit: 10
     schedule:
-      interval: "daily"
+      interval: "monthly"
+    groups:
+      dependencies:
+        patterns: [ "*" ]
     target-branch: "main"
     registries:
       - maven-central
@@ -222,9 +192,11 @@ updates:
   - package-ecosystem: maven
     directories:
       - "/log4j-slf4j-impl"
-    open-pull-requests-limit: 10
     schedule:
-      interval: "daily"
+      interval: "monthly"
+    groups:
+      dependencies:
+        patterns: [ "*" ]
     target-branch: "main"
     registries:
       - maven-central
@@ -236,11 +208,17 @@ updates:
   - package-ecosystem: github-actions
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
+    groups:
+      dependencies:
+        patterns: [ "*" ]
     target-branch: "main"
 
   - package-ecosystem: npm
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
+    groups:
+      dependencies:
+        patterns: [ "*" ]
     target-branch: "main"
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index e76d34669d..42d44a60ce 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -29,7 +29,6 @@ permissions: read-all
 jobs:
 
   build:
-    if: github.actor != 'dependabot[bot]'
     uses: 
apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.1
     secrets:
       DV_ACCESS_TOKEN: ${{ startsWith(github.ref_name, 'release/') && '' || 
secrets.DEVELOCITY_ACCESS_KEY }}
diff --git a/.github/workflows/merge-dependabot.yaml 
b/.github/workflows/merge-dependabot.yaml
deleted file mode 100644
index 134d18b1a0..0000000000
--- a/.github/workflows/merge-dependabot.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-name: merge-dependabot
-
-on:
-  pull_request_target:
-    paths-ignore:
-      - "**.adoc"
-      - "**.md"
-      - "**.txt"
-
-permissions: read-all
-
-jobs:
-
-  build:
-    if: github.repository == 'apache/logging-log4j2' && github.event_name == 
'pull_request_target' && github.actor == 'dependabot[bot]'
-    uses: 
apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.1
-    secrets:
-      DV_ACCESS_TOKEN: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
-    with:
-      java-version: |
-        8
-        17
-      develocity-enabled: true
-      reproducibility-check-enabled: false
-
-  merge-dependabot:
-    needs: build
-    uses: 
apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/12.1.1
-    with:
-      java-version: 17
-    permissions:
-      contents: write                                             # to push 
changelog commits
-      pull-requests: write                                        # to close 
the PR
-    secrets:
-      GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}       # to sign 
commits

(logging-log4j2) branch 2.x updated: Group Dependabot PRs and remove `merge-dependabot` (#3990)

Reply via email to