Skip to content

Fix DEPENDENCIES.md CI/CD workflow description #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
perNyfelt merged 2 commits into from
Dec 16, 2025
Merged

Fix DEPENDENCIES.md CI/CD workflow description #10

perNyfelt merged 2 commits into from
Dec 16, 2025

Conversation

Copy link
Contributor

Copilot AI commented Dec 16, 2025
edited
Loading

The documentation incorrectly stated that dependency checks run on each push, but the actual workflow only runs them on schedule or manual dispatch.

Changes:

  • Updated docs/DEPENDENCIES.md to accurately reflect that the dependency-check job runs on schedule or workflow_dispatch events, not on push
  • Replaced incorrect step-level examples with the actual job structure from ci.yml
  • Added rationale for the scheduled approach

Before:

- name: Check dependencies
  run: ./gradlew dependencyUpdates

After:

dependency-check:
  runs-on: ubuntu-latest
  if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'

  steps:
    - name: Check for dependency updates
      run: ./gradlew dependencyUpdates

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI mentioned this pull request Dec 16, 2025
Merged
@perNyfelt
Fix DEPENDENCIES.md to accurately reflect CI workflow behavior
33fc340 
Co-authored-by: perNyfelt <13261538+perNyfelt@users.noreply.github.com>
Copilot AI changed the title [WIP] WIP address feedback on security and dependencies PR Fix DEPENDENCIES.md CI/CD workflow description Dec 16, 2025
Copilot AI requested a review from perNyfelt December 16, 2025 22:59
@perNyfelt perNyfelt marked this pull request as ready for review December 16, 2025 23:05
Copilot AI review requested due to automatic review settings December 16, 2025 23:05
@perNyfelt perNyfelt merged commit 741baf7 into security_dependencies Dec 16, 2025
@perNyfelt perNyfelt deleted the copilot/sub-pr-8-again branch December 16, 2025 23:05
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the docs/DEPENDENCIES.md file to correct the CI/CD workflow description. The previous documentation incorrectly stated that dependency checks run on each push. The update aims to clarify that the dependency-check job has conditions for schedule or workflow_dispatch events.

Key Changes:

  • Replaced generic step-level examples with the actual job structure from ci.yml
  • Updated description to reflect conditional execution based on event types
  • Added rationale explaining the scheduled approach keeps regular CI builds fast

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

docs/DEPENDENCIES.md
## CI/CD Integration

The GitHub Actions workflow runs dependency checks on each push:
The GitHub Actions workflow includes a separate `dependency-check` job that runs on a schedule or manual workflow dispatch:
Copy link

Copilot AI Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The documentation states that the dependency-check job runs "on a schedule or manual workflow dispatch", but the actual ci.yml workflow file does not include schedule or workflow_dispatch in its trigger section (the on: section only includes push and pull_request). This means the dependency-check job will never execute, even though it has a condition checking for these events. Either the ci.yml workflow needs to be updated to include these triggers, or this documentation should accurately describe that the job is currently defined but not triggered.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@perNyfelt perNyfelt Awaiting requested review from perNyfelt

Assignees

@perNyfelt perNyfelt

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@perNyfelt