🔄 synced file(s) with neurobagel/workflows

[neurobagel-bot]

synced local file(s) with neurobagel/workflows.

Changed files

• synced local .github/dependabot.yml with remote template_workflows/dependabot.yml

---

This PR was created automatically by the repo-file-sync-action workflow run #23662493911

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Aligns Dependabot and release workflow configurations with the central neurobagel/workflows templates by switching Dependabot to a pip security-updates setup and downgrading the GitHub App token action version in the release workflow.

Flow diagram for pip-based Dependabot security updates configuration

flowchart TD
  A[dependabot_yml] --> B[Configure_package_ecosystem_pip]
  B --> C[Set_directory_root]
  C --> D[Set_schedule_weekly]
  D --> E[Configure_security_update_labels]
  E --> F[Dependabot_Scans_requirements_txt]
  F --> G{Security_vulnerability_found?}
  G -- Yes --> H[Open_PR_with_security_labels]
  G -- No --> I[Wait_until_next_weekly_scan]

Loading

File-Level Changes

Change	Details	Files
Adjust Dependabot configuration to focus on pip-based security updates with custom labeling while disabling regular version update PRs.	Replace previously planned uv ecosystem entry with a pip ecosystem configuration targeting the repository root Document that Dependabot security updates are enabled via repo settings and that this file customizes labels only Clarify that the configuration only applies to repositories using Python/pip (requirements.txt)	.github/dependabot.yml
Update the release workflow to use an earlier major version of the GitHub App token generation action for compatibility with synced templates.	Change actions/create-github-app-token reference from v3 back to v2 Keep usage of app-id and private-key inputs with existing NB_BOT_* variables unchanged	.github/workflows/release.yaml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We've reviewed this pull request using the Sourcery rules engine

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.92%. Comparing base (501761c) to head (d32e5b4).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #554   +/-   ##
=======================================
  Coverage   94.92%   94.92%           
=======================================
  Files          30       30           
  Lines        1282     1282           
  Branches       77       77           
=======================================
  Hits         1217     1217           
  Misses         37       37           
  Partials       28       28           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[surchs]

do not merge until uv is merged - must first update python wf in workflow repo