This action creates a dependabot.yml file from a user-provided template by replacing instances of directory globs with an array of objects matching that glob, with all the other keys copied.
For example, the following template:
- package-ecosystem: 'docker'
directory: '/test/docker/*/Dockerfile*'
schedule:
interval: 'daily'Will result in:
- package-ecosystem: 'docker'
directory: '/test/docker/container_1/'
schedule:
interval: 'daily'
- package-ecosystem: 'docker'
directory: '/test/docker/container_2/'
schedule:
interval: 'daily'
- package-ecosystem: 'docker'
directory: '/test/docker/weird_dockerfile/'
schedule:
interval: 'daily'Note that the basename of any matching directory is used as the value.
This action uses the glob node module. Refer to its documentation for more information on the glob syntax.
The default configuration for glob is as follows:
const globOpts = {
root: process.cwd(),
absolute: false,
mark: true,
matchBase: true,
follow: actionOpts['follow-symbolic-links']
}If these options are not sufficient, please open an issue and let me know.
This is just a normal dependabot.yml file, but with globs/wildcards in the directory field.
Note that comments will not be transferred to the generated file.
version: 2
updates:
- package-ecosystem: 'github-actions'
# No globs
directory: '/'
schedule:
interval: 'daily'
- package-ecosystem: 'docker'
# Simple globs
directory: '/test/docker/*/Dockerfile*'
schedule:
interval: 'weekly'
- package-ecosystem: 'npm'
# Simple glob + extglob
directory: '/test/npm/*/{package-lock.json,yarn.lock}'
ignore:
- dependency-name: '*'
schedule:
interval: 'daily'
- package-ecosystem: 'terraform'
# Searches the entire tree, but only matches files with the given name
# This actually outputs without a leading slash, but dependabot doesn't seem to care
# Note the . is escaped, node-glob doesn't search hidden files by default
directory: '\.terraform.lock.hcl'
commit-message:
prefix: 'terraform'
schedule:
interval: 'weekly'
The action does not create a PR or otherwise commit the generated file, so we can use another action like peter-evans/create-pull-request to do that.
name: Generate dependabot.yml
on:
push:
branches:
- main
- master
workflow_dispatch:
jobs:
generate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Generate dependabot.yml
uses: github/generate-dependabot-glob-action@v1
- name: Create Pull Request
uses: peter-evans/create-pull-request@v6Done. Now, whenever you push to the repository, or manually trigger the workflow, a PR will be created with the generated dependabot.yml file matching your wildcards if they've changed.
| parameter | description | required | default |
|---|---|---|---|
| template-file | Location of the file to use as template | false |
.github/dependabot.template.yml |
| follow-symbolic-links | Indicates whether to follow symbolic links (If you want to put your template in a weird place) | false |
true |
| file-header | Header to add to the generated file. ${input-name} will be replaced with the value of the given input. | false |
# This file was generated by the "Generate Dependabot Glob" action. Do not edit it directly. # Make changes to ${template-file} and a PR will be automatically created. |