https://github.com/Makeshift/generate-dependabot-glob-action

Generates a `dependabot.yml` and PRs it against your repo if it needs updating to include a new directory or package-ecosystem, with globs/wildcards

dependabot dependency-management github-actions


# Generate Dependabot Glob Action

This action creates a `dependabot.yml` file from a user-provided template by replacing instances of directory globs with an array of objects matching that glob, with all the other keys copied.

For example, the following template:

```yaml
- package-ecosystem: 'docker'
  directory: '/test/docker/*/Dockerfile*'
  schedule:
    interval: 'daily'
```

Will result in:

```yaml
- package-ecosystem: 'docker'
  directory: '/test/docker/container_1/'
  schedule:
    interval: 'daily'
- package-ecosystem: 'docker'
  directory: '/test/docker/container_2/'
  schedule:
    interval: 'daily'
- package-ecosystem: 'docker'
  directory: '/test/docker/weird_dockerfile/'
  schedule:
    interval: 'daily'
```

Note that the basename of any matching directory is used as the value.

This action uses the [glob](https://www.npmjs.com/package/glob) node module. Refer to its documentation for more information on the glob syntax.

The default configuration for `glob` is as follows:

```js
// `core` is the @actions/core toolkit module, used here to read the action's inputs
const globOpts = {
  root: process.cwd(),
  mark: true,
  matchBase: true,
  nomount: true,
  follow: core.getInput('follow-symbolic-links') === 'true'
}
```

If these options are not sufficient, please open an issue and let me know.
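
The expansion described above, sketched as an added example (not the action's own code). It runs over a constructed file list and uses a simplified matcher in place of node-glob. The names `expandUpdates`, `globToRegExp`, `dirOf`, `repoFiles` and `templateUpdates` are hypothetical. In this sketch, globs that match nothing are reported separately, so an ecosystem that would end up with no Dependabot entry is visible.

```javascript
// Constructed sample: repo-relative file paths standing in for a checkout.
const repoFiles = [
  '/test/docker/container_1/Dockerfile',
  '/test/docker/container_2/Dockerfile',
  '/test/docker/container_2/Dockerfile.dev',
  '/test/docker/weird_dockerfile/Dockerfile_weird',
  '/test/npm/app/package-lock.json',
];

// Constructed template entries, as they would look after parsing the YAML.
const templateUpdates = [
  { 'package-ecosystem': 'github-actions', directory: '/', schedule: { interval: 'daily' } },
  { 'package-ecosystem': 'docker', directory: '/test/docker/*/Dockerfile*', schedule: { interval: 'weekly' } },
  { 'package-ecosystem': 'npm', directory: '/test/npm/*/{package-lock.json,yarn.lock}', schedule: { interval: 'daily' } },
  { 'package-ecosystem': 'terraform', directory: '/infra/*/main.tf', schedule: { interval: 'weekly' } },
];

// Simplified matcher (assumption): supports only `*` within one path segment
// and `{a,b}` alternation. The action itself delegates matching to node-glob.
function globToRegExp(glob) {
  const src = glob
    .replace(/[.+?^$()|[\]\\]/g, '\\$&')
    .replace(/\{([^}]*)\}/g, (_, alts) => `(?:${alts.split(',').join('|')})`)
    .replace(/\*/g, '[^/]*');
  return new RegExp(`^${src}$`);
}

// Directory containing a matched file, with a trailing slash.
const dirOf = (file) => file.slice(0, file.lastIndexOf('/') + 1);

// Expand each glob entry into one entry per matching directory, copying all
// other keys. Entries whose glob matched nothing are reported separately.
function expandUpdates(updates, files) {
  const expanded = [];
  const unmatched = [];
  for (const entry of updates) {
    if (!/[*{]/.test(entry.directory)) { expanded.push(entry); continue; }
    const re = globToRegExp(entry.directory);
    const dirs = [...new Set(files.filter((f) => re.test(f)).map(dirOf))].sort();
    if (dirs.length === 0) unmatched.push(entry.directory);
    for (const directory of dirs) expanded.push({ ...entry, directory });
  }
  return { expanded, unmatched };
}

const result = expandUpdates(templateUpdates, repoFiles);
console.log(JSON.stringify(result, null, 2));
```

Two files in `container_2` match the docker glob, but the directory appears only once in the output.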

## Quickstart

### Create a `.github/dependabot.template.yml` file

This is just a normal `dependabot.yml` file, but with globs/wildcards in the `directory` field.
Note that comments will not be transferred to the generated file.

```yaml
version: 2

updates:
  - package-ecosystem: 'github-actions'
    # No globs
    directory: '/'
    schedule:
      interval: 'daily'

  - package-ecosystem: 'docker'
    # Simple globs
    directory: '/test/docker/*/Dockerfile*'
    schedule:
      interval: 'weekly'

  - package-ecosystem: 'npm'
    # Simple glob + extglob
    directory: '/test/npm/*/{package-lock.json,yarn.lock}'
    ignore:
      - dependency-name: '*'
    schedule:
      interval: 'daily'

  - package-ecosystem: 'terraform'
    # Searches the entire tree, but only matches files with the given name
    # This actually outputs without a leading slash, but dependabot doesn't seem to care
    # Note the . is escaped, node-glob doesn't search hidden files by default
    directory: '\.terraform.lock.hcl'
    commit-message:
      prefix: 'terraform'
    schedule:
      interval: 'weekly'

```

### Create a `.github/workflows/generate_dependabot.yml` file

The action does not create a PR or otherwise commit the generated file, so we can use another action like peter-evans/create-pull-request to do that.

```yaml
name: Generate dependabot.yml

on:
  push:
  repository_dispatch:
  workflow_dispatch:

jobs:
  generate:
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@v3

      - name: Generate dependabot.yml
        uses: Makeshift/generate-dependabot-glob-action@master

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v4
```

Done. Now, whenever you push to the repository, or manually trigger the workflow, a PR will be created with the generated `dependabot.yml` file matching your wildcards if they've changed.

## Inputs

| parameter | description | required | default |
| --- | --- | --- | --- |
| template-file | Location of the file to use as template | `false` | .github/dependabot.template.yml |
| follow-symbolic-links | Indicates whether to follow symbolic links (If you want to put your template in a weird place) | `false` | true |
| file-header | Header to add to the generated file. ${input-name} will be replaced with the value of the given input. | `false` | # This file was generated by the "Generate Dependabot Glob" action. Do not edit it directly. # Make changes to `${template-file}` and a PR will be automatically created. |