-
Notifications
You must be signed in to change notification settings - Fork 991
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple lock files for Bundler #2106
Comments
@paulsturgess thanks for your suggestion! We don't currently support this filename but sounds like we should support We're currently have the next six months planned out scaling Dependabot at GitHub so unfortunately don't have capacity to take on any new features while we complete this roll out. |
OK cool thanks for the response. If I was to open a PR would you consider it? I'm not exactly sure where I'd go to do that, if you have any pointers on accepting contributions please let me know! |
@paulsturgess for sure happy to review any PR! 😍 You'd want to start here to support fetching multiple dependabot-core/bundler/lib/dependabot/bundler/file_fetcher.rb Lines 65 to 73 in b8acc04
gemspecs ).
I'm not sure how much would break if we started fetching multiple |
Is there an existing way to support multiple Gemfiles with dependabot? For example, if each Gemfile/.lock was put in a different directory with the standard
|
@eliotsykes yep this would work! |
The BootBoot gem makes it very easy to run tests against against future versions of Rails. When running bundle install it produces a Gemfile_next.lock alongside the usual Gemfile.lock. At the moment Dependabot only fetches the standard Gemfile.lock This commit enables the Bundler::FileFetcher to fetch all Gemfile.lock files and all Gemfile versions. https://github.com/dependabot/feedback/issues/689
The BootBoot gem makes it very easy to run tests against against future versions of Rails. When running bundle install it produces a Gemfile_next.lock alongside the usual Gemfile.lock. At the moment Dependabot only fetches the standard Gemfile.lock This commit enables the Bundler::FileFetcher to fetch all Gemfile.lock files and all Gemfile versions. https://github.com/dependabot/feedback/issues/689
@feelepxyz this isn't working for me. I made a test repo with two
It seems only one directory can be used? Or am I missing something? |
@JacobEvelyn you'll need to create a new update config entry for each directory: version: 1
update_configs:
- package_manager: "ruby:bundler"
directory: "/"
update_schedule: "live"
- package_manager: "ruby:bundler"
directory: "/.overcommit"
update_schedule: "live" |
Ah perfect, looks like that works! |
Looks like you've got this working via multiple |
I solved this problem by adding a Github Action workflow which updates I wrote it up in a blog post: |
@infin8x Can we open up this issue again? Or should I create a new |
Unfortunately I'm not on the Dependabot team anymore. @hmarr or @feelepxyz may be able to get you in the right direction. |
The BootBoot gem makes it very easy to run tests against against future versions of Rails.
When running
bundle install
it produces aGemfile_next.lock
alongside the usualGemfile.lock
. At the moment Dependabot only checks in theGemfile.lock
and I guess it ignores theGemfile_next.lock
as this is a non-standard file. The result is an error is raised when the CI attempts run bundler before running the tests.Here's an example of the error output:
It would be great if there was some way to specify any custom lock files (or maybe just any non-standard output) that should be committed by Dependabot. Does this sound like a sane idea?
The text was updated successfully, but these errors were encountered: