Add the same auto-approval step that the renovate workflow already has,
so that dependabot PRs that only touch yarn.lock files get approved
automatically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
Use the service account workflow to auto-approve Renovate PRs that only change yarn.lock files.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Move the branch verification to a separate step right after checkout,
and gate all subsequent steps on its output. Removes the redundant
branch check from inside the changeset generation script.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
All lockfiles in the repo use Yarn 4, so use `yarn --cwd <dir> dedupe`
uniformly instead of npx yarn-deduplicate for subdirectories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
Each step sets an output only if it actually modified files. The
dedupe step checks git diff after running to avoid staging unchanged
lockfiles. A final step commits and pushes only if either step
made changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
Only dedupe each lockfile if it was actually changed by Dependabot.
Covers root (Yarn 4) and docs-ui/microsite (Yarn Classic) lockfiles.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
These directories were previously only covered by the catch-all
rule, requiring review from @backstage/maintainers. Since they
fall under the Design System project area scope, assign them to
@backstage/design-system-maintainers.
Signed-off-by: Johan Persson <johanopersson@gmail.com>
Add documentation for the new group aliases and contentOrder options
to the catalog customization guide.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
The paths-ignore for microsite/** was also skipping CI for changes to
microsite/data/plugins/, which is where the plugin directory YAML files
live. This meant the verify plugin directory step never ran for the
files it was supposed to validate.
Switch from paths-ignore to paths with negation so that microsite/data/
changes still trigger CI while other microsite changes remain excluded.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Move agent instructions from `.github/copilot-instructions.md` to `AGENTS.md`
at the repo root for broader AI agent tool compatibility, and remove the
Cursor rule that pointed at the old file.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Adds a dependabot.yml configuration that:
- Ignores @types/react and @types/node (need to match supported versions)
- Ignores packages with licensing issues (@elastic/elasticsearch, event-source-polyfill)
- Disables version update PRs (we use Renovate for that)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
These type packages need to stay pinned to match the React/Node
versions we support, so we don't want automated bump PRs for them.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
James Brooks