@lsulak lsulak commented Jan 6, 2026

Closes #153

Summary by CodeRabbit

  • Chores
    • Disabled scheduled sbt dependency updates in Dependabot configuration
    • Removed the automated dependency-items check workflow that reported dependency issues

@lsulak lsulak changed the title from "#153 Removing obsolete GH Action, it's now part of Github & Dependabot correction" to "#153 Removing obsolete GH Action, it's now part of Github & Dependabot update" on Jan 6, 2026

coderabbitai bot commented Jan 6, 2026

Walkthrough

Removed the Dependabot sbt update block from .github/dependabot.yml and deleted the .github/workflows/dependent_items.yml workflow that invoked the z0al/dependent-issues action.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependabot config (.github/dependabot.yml) | Removed the sbt package-ecosystem update block (weekly schedule, labels, PR limit, commit-message prefix). Other update entries unchanged. |
| Workflow removal (.github/workflows/dependent_items.yml) | Deleted the entire "Dependent Items Check" workflow that ran z0al/dependent-issues and provided dependency-check comments/inputs. |

Sequence Diagram(s)

(omitted — changes are removal of config/workflow, not a new multi-component flow)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

Possibly related PRs

  • #151: addressing Aquasec findings #152: Modifies the same .github/dependabot.yml and .github/workflows/dependent_items.yml areas (related changes to Dependabot and the dependent-items workflow).

Suggested labels

no RN

Suggested reviewers

  • dk1844
  • benedeki
  • Zejnilovic
  • jakipatryk
  • salamonpavel
  • miroslavpojer

Poem

🐰
I hopped through configs, soft and spry,
Removed a workflow, gave SBT a sigh.
Dependabot sleeps where it could not tread,
Simpler files now rest their head.
Hooray for tidy trees and less to dread!

Pre-merge checks

✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main changes: removing an obsolete GitHub Action and addressing Dependabot configuration updates. |
| Linked Issues check | ✅ Passed | Both objectives from issue #153 are met: the dependent-issues.yml workflow is removed and the sbt update block is removed from dependabot.yml. |
| Out of Scope Changes check | ✅ Passed | All changes are directly related to issue #153 objectives; no out-of-scope modifications were introduced. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 242de20 and d36303c.

📒 Files selected for processing (1)
  • .github/dependabot.yml
💤 Files with no reviewable changes (1)
  • .github/dependabot.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Build, Test and Doc (2.12.17)
  • GitHub Check: Build, Test and Doc (2.13.12)

github-actions bot commented Jan 6, 2026

JaCoCo core module code coverage report - scala 2.13.11

Overall Project 59.84% 🍏

There is no coverage information present for the Files changed

github-actions bot commented Jan 6, 2026

JaCoCo doobie module code coverage report - scala 2.13.11

Overall Project 70.17% 🍏

There is no coverage information present for the Files changed

github-actions bot commented Jan 6, 2026

JaCoCo slick module code coverage report - scala 2.13.11

Overall Project 91.42% 🍏

There is no coverage information present for the Files changed

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/dependabot.yml (1)

18-31: Correctly disabled, but consider implementing alternative solutions.

The commented-out configuration is appropriate since Dependabot cannot update dependencies in build.sbt files. Native SBT support remains an open feature request in the Dependabot project.

However, this leaves your Scala dependencies without automated security scanning or update management. Consider implementing one of these alternatives:

  1. For vulnerability scanning: Use the sbt-dependency-submission GitHub Action to submit dependencies to GitHub's Dependency submission API, enabling Dependabot alerts for vulnerabilities.

  2. For automated dependency updates: Use Scala Steward, which creates pull requests to keep dependencies up-to-date and works specifically with Scala build tools.

Based on learnings, the repository has an existing release workflow using sbt ci-release, so adding sbt-dependency-submission would complement your CI/CD setup well.

Example sbt-dependency-submission workflow

Create .github/workflows/dependency-graph.yml:

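```yaml
name: Update Dependency Graph
on:
  push:
    branches:
      - master
# The dependency submission API needs write access to repository contents
permissions:
  contents: write
jobs:
  update-graph:
    name: Update Dependency Graph
    runs-on: ubuntu-latest
    steps:
      # Check out the repository so sbt can resolve the build
      - uses: actions/checkout@v3
      # Resolve the sbt build and submit its dependencies to GitHub's dependency graph
      - uses: scalacenter/sbt-dependency-submission@v2
```
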
📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 201f48b and 242de20.

📒 Files selected for processing (2)
  • .github/dependabot.yml
  • .github/workflows/dependent_items.yml
💤 Files with no reviewable changes (1)
  • .github/workflows/dependent_items.yml
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings
Learnt from: benedeki
Repo: AbsaOSS/fa-db PR: 140
File: project/plugins.sbt:18-18
Timestamp: 2025-09-09T11:30:33.202Z
Learning: The fa-db repository at AbsaOSS/fa-db has an existing GitHub Actions workflow (.github/workflows/release.yml) that uses sbt ci-release with all required secrets (PGP_PASSPHRASE, PGP_SECRET, SONATYPE_PASSWORD, SONATYPE_USERNAME) properly configured for Maven Central publishing.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Build, Test and Measure
  • GitHub Check: Build, Test and Measure
  • GitHub Check: Build, Test and Doc (2.12.17)
  • GitHub Check: Build, Test and Doc (2.13.12)

@lsulak lsulak merged commit 15eb098 into master Jan 6, 2026
7 of 9 checks passed
@lsulak lsulak deleted the feature/153-gh-actions-update branch January 6, 2026 15:51