Skip to content

Generate Dependabot Glob

Actions
Creates a dependabot.yml dynamically based on glob patterns
v1.3.4
Latest
Star (17)

Generate Dependabot Glob Action

This action creates a dependabot.yml file from a user-provided template by replacing instances of directory globs with an array of objects matching that glob, with all the other keys copied.

For example, the following template:

  - package-ecosystem: 'docker'
    directory: '/test/docker/*/Dockerfile*'
    schedule:
      interval: 'daily'

Will result in:

  - package-ecosystem: 'docker'
    directory: '/test/docker/container_1/'
    schedule:
      interval: 'daily'
  - package-ecosystem: 'docker'
    directory: '/test/docker/container_2/'
    schedule:
      interval: 'daily'
  - package-ecosystem: 'docker'
    directory: '/test/docker/weird_dockerfile/'
    schedule:
      interval: 'daily'

Note that the basename of any matching directory is used as the value.

This action uses the glob node module. Refer to its documentation for more information on the glob syntax.

The default configuration for glob is as follows:

const globOpts = {
  root: process.cwd(),
  mark: true,
  matchBase: true,
  nomount: true,
  follow: core.getInput('follow-symbolic-links') === 'true'
}

If these options are not sufficient, please open an issue and let me know.

Quickstart

Create a .github/dependabot.template.yml file

This is just a normal dependabot.yml file, but with globs/wildcards in the directory field. Note that comments will not be transferred to the generated file.

version: 2

updates:
- package-ecosystem: 'github-actions'
  # No globs
  directory: '/'
  schedule:
    interval: 'daily'

- package-ecosystem: 'docker'
  # Simple globs
  directory: '/test/docker/*/Dockerfile*'
  schedule:
    interval: 'weekly'

- package-ecosystem: 'npm'
  # Simple glob + extglob
  directory: '/test/npm/*/{package-lock.json,yarn.lock}'
  ignore:
    - dependency-name: '*'
  schedule:
    interval: 'daily'

- package-ecosystem: 'terraform'
  # Searches the entire tree, but only matches files with the given name
  # This actually outputs without a leading slash, but dependabot doesn't seem to care
  # Note the . is escaped, node-glob doesn't search hidden files by default
  directory: '\.terraform.lock.hcl'
  commit-message:
    prefix: 'terraform'
  schedule:
    interval: 'weekly'

Create a .github/workflows/generate_dependabot.yml file

The action does not create a PR or otherwise commit the generated file, so we can use another action like peter-evans/create-pull-request to do that.

name: Generate dependabot.yml

on:
  push:
  repository_dispatch:
  workflow_dispatch:

jobs:
  generate:
    runs-on: ubuntu-latest
    steps:
      
      - uses: actions/checkout@v3
        
      - name: Generate dependabot.yml
        uses: Makeshift/generate-dependabot-glob-action@master

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v4

Done. Now, whenever you push to the repository, or manually trigger the workflow, a PR will be created with the generated dependabot.yml file matching your wildcards if they've changed.

Inputs

parameter description required default
template-file Location of the file to use as template false .github/dependabot.template.yml
follow-symbolic-links Indicates whether to follow symbolic links (If you want to put your template in a weird place) false true
file-header Header to add to the generated file. ${input-name} will be replaced with the value of the given input. false # This file was generated by the "Generate Dependabot Glob" action. Do not edit it directly. # Make changes to ${template-file} and a PR will be automatically created.

Generate Dependabot Glob is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

About

Creates a dependabot.yml dynamically based on glob patterns
v1.3.4
Latest

Generate Dependabot Glob is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.