From 4279146b6d74d2a392028ac5ab2d599f51f39f13 Mon Sep 17 00:00:00 2001 From: Gk Date: Mon, 4 May 2026 11:17:20 -0700 Subject: [PATCH 1/2] chore(ci): add Mergify Dependabot batching + dependabot.yml Mirrors the pattern in cueapi-core / cueapi-cli / cueapi/cueapi: - .mergify.yml: 5-at-a-time Dependabot batch with 30 min max wait, gated on the new `Typecheck, Test, Build` check from #3. - .github/dependabot.yml: weekly Monday npm + GitHub Actions updates with patch+minor grouping. Mergify GitHub App is installed on the cueapi org with all-repositories access (since 2026-05-04T10:24); this config will activate on merge. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/dependabot.yml | 33 +++++++++++++++++++++++++++++++++ .mergify.yml | 31 +++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .mergify.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..de39762 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,33 @@ +version: 2 +updates: + # npm — TypeScript MCP server + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + open-pull-requests-limit: 10 + labels: ["dependencies", "security"] + # Group patch + minor updates into a single PR per package-ecosystem. + # Major bumps still get their own PR for human review. Mergify + # batches the resulting PR group via .mergify.yml's "dependencies" + # queue. + groups: + npm-minor-patch: + update-types: + - "minor" + - "patch" + + # GitHub Actions — workflow dependency updates (pinned by SHA) + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + open-pull-requests-limit: 5 + labels: ["dependencies", "ci"] + groups: + actions-minor-patch: + update-types: + - "minor" + - "patch" diff --git a/.mergify.yml b/.mergify.yml new file mode 100644 index 0000000..7827c57 --- /dev/null +++ b/.mergify.yml @@ -0,0 +1,31 @@ +# Mergify config — Dependabot batching for cueapi-mcp. +# +# Regular PRs are auto-merged via the maintainer when CI is green. +# Mergify's job here: batch Dependabot version-bump PRs so we don't +# burn N CI runs and N npm-publish triggers for what's effectively +# one weekly maintenance window. + +queue_rules: + - name: dependencies + # ``merge_method`` lives on the queue rule (Mergify v2). + merge_method: squash + batch_size: 5 + batch_max_wait_time: 30 m + merge_conditions: + # Mirrors the required check from .github/workflows/ci.yml. + # Update both together if the workflow's job name changes. + - check-success=Typecheck, Test, Build + +pull_request_rules: + - name: batch-merge Dependabot PRs + conditions: + - or: + - author=dependabot[bot] + - author=dependabot + - base=main + - -draft + - -conflict + - label=dependencies + actions: + queue: + name: dependencies From 585ae8ecbfea2d7543db8e2dbffcafdfd25938ae Mon Sep 17 00:00:00 2001 From: Gk Date: Mon, 4 May 2026 11:18:19 -0700 Subject: [PATCH 2/2] =?UTF-8?q?fix(ci):=20correct=20actions/setup-node=20S?= =?UTF-8?q?HA=20(was=20setup-python's=20SHA=20=E2=80=94=20copy-paste=20err?= =?UTF-8?q?or=20from=20#3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The SHA f677139bbe7f9c59b41e40162b753c062f5d49a3 is for actions/setup-python@v5.3.0, not actions/setup-node. CI failed with "Unable to resolve action ... unable to find version" on every run since #3 merged. Replacing with actions/setup-node@v4.4.0's correct SHA so CI actually runs. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b516e07..32373ed 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.7 - - uses: actions/setup-node@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.3.0 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 20 cache: npm