chore: add Dependabot config for gomod and GitHub Actions

[satococoa]

Summary

• Add Dependabot configuration for automated dependency updates.
• Keep existing CI/E2E/Release workflows unchanged.
• Configure weekly updates on Monday 03:00 UTC.

Scope

• Go modules (gomod, directory /)
• GitHub Actions (github-actions, directory /)

Update Strategy

• Group minor and patch updates to reduce PR noise:
  • gomod-minor-patch
  • gha-minor-patch
• Keep major updates as separate PRs for explicit review.
• Limit open Dependabot PRs to 5 per ecosystem.

Notes

• No auto-merge configured (manual review flow).
• No CLI/API behavior changes.

Summary by CodeRabbit

• Chores
  • Configured automated dependency updates to improve project maintenance.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 663bc63 and 3b0a376.

📒 Files selected for processing (1)

• .github/dependabot.yml

---

📝 Walkthrough

Walkthrough

A new Dependabot configuration file is introduced to automate dependency updates for Go modules and GitHub Actions. The configuration specifies weekly update schedules on Mondays at 03:00 UTC with grouping strategies for minor and patch version updates.

Changes

Cohort / File(s)	Summary
Dependabot Configuration .github/dependabot.yml	Adds version 2 Dependabot config for two ecosystems: gomod and github-actions, each with weekly Monday 03:00 UTC schedules, minor/patch update allowance, 5 open PR limits, and update grouping strategies.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Hops of joy through the code!
Dependencies now auto-update their load,
Mondays at three, the bot will convene,
Keeping our modules and actions pristine,
Less manual work—what a wonderful scene! 🌙✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: adding Dependabot configuration for Go modules and GitHub Actions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/dependabot-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR adds Dependabot configuration to automate dependency updates for the wtp (Worktree Plus) Git worktree management tool. The configuration enables weekly automated dependency checks for both Go modules and GitHub Actions, grouping minor and patch updates to reduce PR noise while keeping major updates separate for explicit review.

Changes:

• Add .github/dependabot.yml configuration file with settings for Go modules and GitHub Actions ecosystems
• Configure weekly update schedule on Mondays at 03:00 UTC
• Group minor and patch updates to limit PR noise, keeping major updates as separate PRs

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.