
docs(pinact): standard Dependabot cooldown is 8 days (one over min_age 7)#50

Merged
dkastl merged 2 commits into main from fix/dependabot-cooldown-8-docs
Jun 8, 2026

@dkastl dkastl commented Jun 8, 2026

Documents the cooldown fix from the infra-cdk pilot (geolonia-infra-cdk#135).

Dependabot counts cooldown in calendar days while pinact --verify-min-age enforces an exact 168h floor. At the day boundary Dependabot could open a SHA-pinned PR a few hours before pinact accepts the pin, producing a transient red Action Pinning Check (seen on geolonia-infra-cdk#134). Setting the standard cooldown to 8 (one day over the 7-day min_age) guarantees Dependabot PRs clear the gate on arrival.

pinact remains the hard 7-day floor; Dependabot just waits a day longer so it always clears it.

Part of geolonia-operations#144 / epic geolonia-operations#142.

Summary by CodeRabbit

  • Documentation
    • Updated Dependabot/action pinning guidance to use an 8-day cooldown (previously 7 days) and adjusted explanatory text to reflect the one-day-longer cooldown relative to pinning timing behavior.
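
The day-boundary gap described above, modelled as an added example (not code from this PR, pinact, or Dependabot). It assumes Dependabot compares UTC calendar dates, as the description states; the function names and the sample date are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# pinact floor named in the PR: an exact 168 hours (7 days).
MIN_AGE = timedelta(hours=168)


def dependabot_eligible(released, now, cooldown_days):
    """Assumed model: the cooldown is met once the calendar-date
    difference (not the elapsed time) reaches cooldown_days."""
    return (now.date() - released.date()).days >= cooldown_days


def pinact_accepts(released, now):
    """Exact elapsed-time check, as --verify-min-age is described."""
    return now - released >= MIN_AGE


def worst_case_shortfall_hours(cooldown_days):
    """Sweep every release hour and every later run hour over 10 days.

    Returns the largest number of hours by which a PR that Dependabot
    would open still misses the pinact floor (0 means it never misses).
    """
    base = datetime(2026, 1, 1, tzinfo=timezone.utc)  # constructed date
    worst = timedelta(0)
    for release_hour in range(24):
        released = base + timedelta(hours=release_hour)
        for offset in range(release_hour, 24 * 10):
            now = base + timedelta(hours=offset)
            if dependabot_eligible(released, now, cooldown_days) \
                    and not pinact_accepts(released, now):
                worst = max(worst, MIN_AGE - (now - released))
    return int(worst.total_seconds() // 3600)


if __name__ == "__main__":
    for days in (7, 8):
        print(f"cooldown {days}: worst shortfall "
              f"{worst_case_shortfall_hours(days)}h")
```
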

…e 7)

Dependabot counts cooldown in calendar days while pinact's --verify-min-age
enforces an exact 168h floor; an 8-day cooldown guarantees Dependabot PRs
clear the Action Pinning Check on arrival (see geolonia-infra-cdk#134/#135).

github-actions Bot commented Jun 8, 2026

Secret Leak Check

OK No secrets detected in this PR's diff.

coderabbitai Bot commented Jun 8, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: be3aa48e-8652-4903-810d-744670529fe7

📥 Commits

Reviewing files that changed from the base of the PR and between 2444673 and d2ad4ce.

📒 Files selected for processing (1)
  • pinact/.pinact.yml

Walkthrough

Updates the "Action Pinning Check" docs and pinact comment to use an 8-day Dependabot cooldown (was 7), and adjusts wording to clarify the timing relationship with pinact's 168-hour minimum-age.

Changes

Dependabot Cooldown Documentation

| Layer / File(s) | Summary |
|---|---|
| Dependabot cooldown timing documentation (docs/workflows.md, pinact/.pinact.yml) | Updated Dependabot cooldown.default-days wording from 7 to 8 days in docs and the pinact comment, and revised explanatory text about how that cooldown aligns with pinact's 168-hour minimum-age enforcement. |

Possibly related PRs

  • geolonia/.github#48: Both PRs touch docs/workflows.md's "Action Pinning Check" guidance around the pinact minimum age/dependabot cooldown value.
  • geolonia/.github#49: Updates the "Action Pinning Check" documentation's cooldown guidance with same docs/workflows.md context tied to pinact cooldown/min-age rules.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and specifically describes the main change: updating the standard Dependabot cooldown from 7 to 8 days and explaining its relationship to min_age. |
| Description check | ✅ Passed | The description comprehensively explains the technical context, problem (transient Action Pinning Check failures), and solution (8-day cooldown). It is well-structured and detailed, though it deviates from the template format. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/workflows.md`:
- Around line 176-183: Update the explanatory comment in the pinact-check
template that currently reads "matching 7-day cooldown" to reflect the new 8-day
standard: change the phrasing to "matching 8-day cooldown" (or equivalent) so it
matches the documented cooldown.default-days: 8 and the surrounding explanation
about pinact's min_age of 7 and Dependabot's calendar-day behavior; locate the
comment in the pinact-check template near the cooldown discussion (search for
the string "7-day cooldown" or the YAML key cooldown.default-days) and edit the
sentence to reference 8 days.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 67bd2fad-7161-45c0-8b58-5771efb9f25a

📥 Commits

Reviewing files that changed from the base of the PR and between c13a68c and 2444673.

📒 Files selected for processing (1)
  • docs/workflows.md

Comment thread docs/workflows.md
CodeRabbit (#50): the cooldown comment in pinact/.pinact.yml still said
'matching 7-day cooldown'. The cooldown is 8 (one over the 7-day min_age);
the min_age references (7) elsewhere are correct and unchanged.

github-actions Bot commented Jun 8, 2026

Secret Leak Check

OK No secrets detected in this PR's diff.

@dkastl dkastl merged commit 008b07e into main Jun 8, 2026
2 checks passed
@dkastl dkastl deleted the fix/dependabot-cooldown-8-docs branch June 8, 2026 22:05