ci(dependabot): fix cargo workspace updates and refresh lockfiles#629
ci(dependabot): fix cargo workspace updates and refresh lockfiles#629anakrish merged 7 commits intomicrosoft:mainfrom
Conversation
Remove nested Cargo workspace members from Dependabot's cargo directories to avoid manifest resolution failures during grouped updates. Add a Dependabot-only workflow that refreshes affected Cargo lockfiles, including the no_std target-specific resolution path, so CI can continue enforcing --locked and --frozen builds. Signed-off-by: Anand Krishnamoorthi <anakrish@microsoft.com>
There was a problem hiding this comment.
Pull request overview
This PR updates Dependabot configuration for Cargo workspaces and adds a Dependabot-only GitHub Actions workflow to regenerate Cargo lockfiles when Dependabot updates manifests, keeping CI builds compatible with --locked/--frozen.
Changes:
- Removed nested Cargo workspace directories from Dependabot’s
cargoupdate scope to prevent manifest resolution failures. - Added a
pull_request_targetworkflow that detects changed Cargo manifests/lockfiles and runscargo metadatato refresh relevantCargo.lockfiles, then commits/pushes the result.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
.github/workflows/dependabot-refresh-cargo-lockfiles.yml |
New workflow to refresh and commit Cargo lockfiles on Dependabot PRs. |
.github/dependabot.yml |
Removes nested Cargo directories from Dependabot update configuration to avoid workspace resolution issues. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Anand Krishnamoorthi <anakrish@microsoft.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Anand Krishnamoorthi <anakrish@microsoft.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Anand Krishnamoorthi <anakrish@microsoft.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Remove nested Cargo workspace members from Dependabot's cargo directories to avoid manifest resolution failures during grouped updates.
Add a Dependabot-only workflow that refreshes affected Cargo lockfiles, including the no_std target-specific resolution path, so CI can continue enforcing --locked and --frozen builds.