Skip to content

Add a default cooldown of 7 days for GitHub Action updates#553

Open
dkotter wants to merge 1 commit into
WordPress:developfrom
dkotter:add/dependabot-cooldown
Open

Add a default cooldown of 7 days for GitHub Action updates#553
dkotter wants to merge 1 commit into
WordPress:developfrom
dkotter:add/dependabot-cooldown

Conversation

@dkotter
Copy link
Copy Markdown
Collaborator

@dkotter dkotter commented May 14, 2026
edited by github-actions Bot
Loading

What?

Adds a default cooldown of 7 days for GitHub Action updates via Dependabot.

Why?

Ensure Dependabot doesn't prompt us to update a package that was updated recently, leading to a higher risk for exploits.

See WordPress/performance#2277 for more details.

How?

Adds a cooldown config option for GitHub Action updates. Note we already have a cooldown option set for composer and npm updates

Use of AI Tools

None

Testing Instructions

n/a

Changelog Entry

Developer - Add a 7 day cooldown period for GitHub Action updates triggered by Dependabot.

Open WordPress Playground Preview

@dkotter dkotter added this to the 1.0.0 milestone May 14, 2026
@dkotter dkotter self-assigned this May 14, 2026
@dkotter dkotter requested review from jeffpaul and justlevine May 14, 2026 17:37
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: dkotter <dkotter@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@codecov
Copy link
Copy Markdown

codecov Bot commented May 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.20%. Comparing base (de6371e) to head (819f9d4).

Additional details and impacted files 
@@            Coverage Diff             @@
##             develop     #553   +/-   ##
==========================================
  Coverage      71.20%   71.20%           
  Complexity      1150     1150           
==========================================
  Files             67       67           
  Lines           5563     5563           
==========================================
  Hits            3961     3961           
  Misses          1602     1602
Flag Coverage Δ
unit 71.20% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jeffpaul jeffpaul moved this to Needs review in WordPress AI Planning & Roadmap May 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeffpaul jeffpaul jeffpaul approved these changes

@justlevine justlevine justlevine approved these changes

Assignees

@dkotter dkotter

Labels

None yet

Projects

WordPress AI Planning & Roadmap
Status: Needs review

Milestone

1.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@dkotter @jeffpaul @justlevine