Skip to content

refactor: consolidate Dependabot dependency groups and remove placeholder pom.xml#2602

Open
ramsessanchez wants to merge 2 commits into
mainfrom
refactor/dependabot-dependency-groups
Open

refactor: consolidate Dependabot dependency groups and remove placeholder pom.xml#2602
ramsessanchez wants to merge 2 commits into
mainfrom
refactor/dependabot-dependency-groups

Conversation

@ramsessanchez
Copy link
Copy Markdown
Contributor

@ramsessanchez ramsessanchez commented May 20, 2026

Summary

Refactors the Dependabot configuration to reduce duplicate and noisy PRs by consolidating dependency groups across ecosystems.

Changes

Dependabot config (.github/dependabot.yml)

  • Consolidated from 4 entries to 2 — single \gradle\ entry + \github-actions\
  • Merged gradle directories — /, /java-8, and /android\ are now in one entry using the \directories\ key, so dependency bumps across these projects result in a single PR
  • Removed the \maven\ ecosystem entry — the \pom.xml\ was only a placeholder for the dependency graph, which is now handled by the Gradle dependency submission action
  • Added new dependency groups:
    • \microsoft-graph\ — groups \microsoft-graph-core\ and related packages
    • \�ndroid-build-tools\ — groups Android/Gradle plugin dependencies
    • \�ll-actions\ — groups all GitHub Actions updates into a single PR

Gradle dependency submission (.github/workflows/gradle-build.yml)

  • Added a \dependency-submission\ job that uses \gradle/actions/dependency-submission@v4\ to submit the Gradle dependency graph to GitHub on push to \main\
  • This replaces the role of the placeholder \pom.xml\ for powering GitHub's dependency graph and Dependabot security alerts

Cleanup

  • *Deleted \pom.xml* — no longer needed as a placeholder
  • *Removed pom.xml reference from
    elease-please-config.json*     — version bumps no longer need to update pom.xml
  • *Removed \�xclude 'pom.xml'\ from \�uild.gradle* — file no longer exists

Impact

  • Fewer Dependabot PRs (no more duplicates between maven/gradle ecosystems)
  • Better grouping of related dependency updates
  • Dependency graph now powered natively by Gradle instead of a manually-maintained pom.xml

@ramsessanchez
refactor: consolidate Dependabot dependency groups and remove placeho…
bd6c0bf 
…lder pom.xml

- Consolidate 4 Dependabot entries into 2 (single gradle + github-actions)
- Merge gradle directories (/, /java-8, /android) into one entry
- Remove maven ecosystem entry (pom.xml was only a placeholder)
- Add dependency groups: microsoft-graph, android-build-tools, all-actions
- Add Gradle dependency submission job to gradle-build.yml
- Delete placeholder pom.xml and clean up references

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@ramsessanchez ramsessanchez requested a review from a team as a code owner May 20, 2026 22:47
gavinbarron
gavinbarron previously approved these changes May 20, 2026
View reviewed changes
@ramsessanchez ramsessanchez requested a review from gavinbarron May 20, 2026 23:25
This was referenced May 20, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gavinbarron gavinbarron gavinbarron approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ramsessanchez @gavinbarron