Add dependabot configuration to bump Stream conventions#63

Merged
gpunto merged 1 commit into develop from dependabot
Apr 30, 2026

@gpunto gpunto commented Apr 29, 2026

Goal

Add dependabot configuration so that PRs bumping Stream conventions will be created automatically by dependabot.

Implementation

Add .github/dependabot.yml with configuration to only update workflows/actions & stream plugins

Testing

We'll enable dependabot in the repo settings & check that PRs are opened properly

Summary by CodeRabbit

  • Chores
    • Added automated dependency update configuration for GitHub Actions and build dependencies, enabling daily update checks and automated pull request generation for managed project artifacts.

@gpunto gpunto added the pr:ci CI changes label Apr 29, 2026

github-actions Bot commented Apr 29, 2026

PR checklist ✅

All required conditions are satisfied:

  • Title length is OK (or ignored by label).
  • At least one pr: label exists.
  • Sections ### Goal, ### Implementation, and ### Testing are filled.

🎉 Great job! This PR is ready for review.

coderabbitai Bot commented Apr 29, 2026

Walkthrough

Introduces a Dependabot configuration file that enables automated daily dependency updates for GitHub Actions and Gradle ecosystems. Gradle updates are limited to specific io.getstream artifacts to maintain control over dependency changes. All generated pull requests are labeled pr:ci.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependabot Configuration: .github/dependabot.yml | Adds automated dependency update schedule for github-actions and gradle ecosystems with daily frequency. Gradle updates scoped to io.getstream artifacts only; all PRs labeled pr:ci. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Dependabot hops in with care,
Keeping versions fresh and fair,
Daily checks with gentle grace,
For gradle updates, the right place,
github-actions prancing free,
A dependency symphony! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and specifically describes the main change: adding dependabot configuration for Stream conventions. |
| Description check | ✅ Passed | The description follows the template with Goal, Implementation, and Testing sections completed; Checklist is missing but non-critical. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/dependabot.yml:
- Around line 16-23: Remove the three non-existent allow-list entries
(io.getstream.android.test, io.getstream.java.platform, io.getstream.publish)
and keep only the actual Gradle plugin identifiers that exist in
gradle/libs.versions.toml (io.getstream.project, io.getstream.android.library,
io.getstream.android.application, io.getstream.java.library) so Dependabot's
allow list matches real plugins; update the allow block to include just those
four identifiers.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5dac2f48-0c46-4544-a9c5-f821b2b0b923

📥 Commits

Reviewing files that changed from the base of the PR and between b8fe04f and bbede17.

📒 Files selected for processing (1)
  • .github/dependabot.yml
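
The review finding above is an allow list that has drifted from the plugins the build declares: an entry for a plugin that does not exist updates nothing, and a declared plugin missing from the list is never bumped. As an added example (not code from this repository, Dependabot or CodeRabbit), the Python below cross-checks the two files; both inputs are constructed samples with placeholder aliases and versions, and it assumes allow entries are compared against the catalog's plugin ids, as the review comment does.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample of .github/dependabot.yml (not the repository's actual file).
DEPENDABOT_YML = '''\
version: 2
updates:
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "daily"
    labels: ["pr:ci"]
    allow:
      - dependency-name: "io.getstream.project"
      - dependency-name: "io.getstream.android.library"
      - dependency-name: "io.getstream.android.test"
      - dependency-name: "io.getstream.publish"
'''

# Constructed sample of gradle/libs.versions.toml; aliases and versions are placeholders.
VERSION_CATALOG = '''\
[plugins]
stream-project = { id = "io.getstream.project", version = "0.0.0" }
stream-android-library = { id = "io.getstream.android.library", version = "0.0.0" }
stream-android-application = { id = "io.getstream.android.application", version = "0.0.0" }
stream-java-library = { id = "io.getstream.java.library", version = "0.0.0" }
'''

def allow_patterns(yml_text):
    """Collect dependency-name values (line-based scan, not a full YAML parser)."""
    return re.findall(r'^\s*-\s*dependency-name:\s*["\']?([^"\'\s#]+)', yml_text, re.M)

def catalog_plugin_ids(toml_text):
    """Return the plugin ids declared under the [plugins] table of the catalog."""
    ids, in_plugins = set(), False
    for line in toml_text.splitlines():
        if line.strip().startswith("["):          # a table header switches section
            in_plugins = line.strip() == "[plugins]"
        elif in_plugins:
            ids.update(re.findall(r'\bid\s*=\s*"([^"]+)"', line))
    return ids

def audit(yml_text, toml_text):
    """Return (allow entries matching no plugin, plugins no allow entry covers)."""
    patterns, plugins = allow_patterns(yml_text), catalog_plugin_ids(toml_text)
    stale = [p for p in patterns if not any(fnmatchcase(i, p) for i in plugins)]
    uncovered = sorted(i for i in plugins if not any(fnmatchcase(i, p) for p in patterns))
    return stale, uncovered

print(audit(DEPENDABOT_YML, VERSION_CATALOG))
```

Run as a CI step, a non-empty result in either list is the signal to fail the build; a single wildcard entry such as `io.getstream.*` covers every plugin in the sample catalog.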

@gpunto gpunto marked this pull request as draft April 29, 2026 08:43
@gpunto gpunto marked this pull request as ready for review April 29, 2026 14:07
@gpunto gpunto marked this pull request as draft April 29, 2026 14:40
@gpunto gpunto marked this pull request as ready for review April 29, 2026 15:04
@gpunto gpunto marked this pull request as draft April 30, 2026 08:42
@gpunto gpunto marked this pull request as ready for review April 30, 2026 09:11
@gpunto gpunto merged commit 862b494 into develop Apr 30, 2026
8 of 9 checks passed
@gpunto gpunto deleted the dependabot branch April 30, 2026 09:11