Update create-dependabot.yml #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create Dependabot Config | |
| on: | |
| push: | |
| paths: | |
| - '.github/workflows/create-dependabot.yml' | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| create-dependabot: | |
| runs-on: [ubuntu-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Detect repository languages | |
| id: detect-languages | |
| run: | | |
| # Initialize variables for each ecosystem | |
| HAS_CSHARP=false | |
| HAS_JS=false | |
| HAS_DOCKER=false | |
| HAS_PYTHON=false | |
| HAS_TERRAFORM=false | |
| # Check for C# files | |
| if find . -type f -name "*.cs" -o -name "*.csproj" | grep -q .; then | |
| HAS_CSHARP=true | |
| fi | |
| # Check for JavaScript/Node.js files | |
| if find . -type f -name "*.js" -o -name "package.json" | grep -q .; then | |
| HAS_JS=true | |
| fi | |
| # Check for Docker files | |
| if find . -type f -name "Dockerfile" -o -name "*.dockerfile" | grep -q .; then | |
| HAS_DOCKER=true | |
| fi | |
| # Check for Python files | |
| if find . -type f -name "*.py" -o -name "requirements.txt" | grep -q .; then | |
| HAS_PYTHON=true | |
| fi | |
| # Check for Terraform files | |
| if find . -type f -name "*.tf" | grep -q .; then | |
| HAS_TERRAFORM=true | |
| fi | |
| # Set outputs | |
| echo "has_csharp=$HAS_CSHARP" >> $GITHUB_OUTPUT | |
| echo "has_js=$HAS_JS" >> $GITHUB_OUTPUT | |
| echo "has_docker=$HAS_DOCKER" >> $GITHUB_OUTPUT | |
| echo "has_python=$HAS_PYTHON" >> $GITHUB_OUTPUT | |
| echo "has_terraform=$HAS_TERRAFORM" >> $GITHUB_OUTPUT | |
| - name: Generate dependabot configuration | |
| id: generate-config | |
| run: | | |
| # Start with base configuration | |
| cat > .github/dependabot.yml << 'EOL' | |
| # Please see the documentation for all configuration options: | |
| # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | |
| version: 2 | |
| updates: | |
| EOL | |
| # GitHub Actions (always included) | |
| cat >> .github/dependabot.yml << 'EOL' | |
| # GitHub Actions | |
| - package-ecosystem: "github-actions" | |
| directory: "/" | |
| schedule: | |
| interval: "weekly" | |
| day: "monday" | |
| time: "09:00" | |
| timezone: "Europe/London" | |
| open-pull-requests-limit: 1 | |
| groups: | |
| patch-and-minor: | |
| patterns: | |
| - "*" | |
| update-types: | |
| - "minor" | |
| - "patch" | |
| labels: | |
| - "dependencies" | |
| - "github-actions" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major"] | |
| EOL | |
| # Add NuGet if C# is detected | |
| if [ "${{ steps.detect-languages.outputs.has_csharp }}" = "true" ]; then | |
| cat >> .github/dependabot.yml << 'EOL' | |
| # NuGet dependencies | |
| - package-ecosystem: "nuget" | |
| directories: | |
| - "*" | |
| schedule: | |
| interval: "weekly" | |
| day: "monday" | |
| time: "09:00" | |
| timezone: "Europe/London" | |
| open-pull-requests-limit: 1 | |
| groups: | |
| patch-and-minor: | |
| patterns: | |
| - "*" | |
| update-types: | |
| - "minor" | |
| - "patch" | |
| labels: | |
| - "dependencies" | |
| - "nuget" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major"] | |
| EOL | |
| fi | |
| # Add npm if JavaScript is detected | |
| if [ "${{ steps.detect-languages.outputs.has_js }}" = "true" ]; then | |
| cat >> .github/dependabot.yml << 'EOL' | |
| # npm dependencies | |
| - package-ecosystem: "npm" | |
| directories: | |
| - "*" | |
| schedule: | |
| interval: "weekly" | |
| day: "monday" | |
| time: "09:00" | |
| timezone: "Europe/London" | |
| open-pull-requests-limit: 1 | |
| groups: | |
| patch-and-minor: | |
| patterns: | |
| - "*" | |
| update-types: | |
| - "minor" | |
| - "patch" | |
| labels: | |
| - "dependencies" | |
| - "npm" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major"] | |
| EOL | |
| fi | |
| # Add Docker if Dockerfile is detected | |
| if [ "${{ steps.detect-languages.outputs.has_docker }}" = "true" ]; then | |
| cat >> .github/dependabot.yml << 'EOL' | |
| # Docker dependencies | |
| - package-ecosystem: "docker" | |
| directories: | |
| - "*" | |
| schedule: | |
| interval: "weekly" | |
| day: "monday" | |
| time: "09:00" | |
| timezone: "Europe/London" | |
| open-pull-requests-limit: 1 | |
| groups: | |
| patch-and-minor: | |
| patterns: | |
| - "*" | |
| update-types: | |
| - "minor" | |
| - "patch" | |
| labels: | |
| - "dependencies" | |
| - "docker" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major"] | |
| EOL | |
| fi | |
| # Add pip if Python is detected | |
| if [ "${{ steps.detect-languages.outputs.has_python }}" = "true" ]; then | |
| cat >> .github/dependabot.yml << 'EOL' | |
| # Python (pip) dependencies | |
| - package-ecosystem: "pip" | |
| directories: | |
| - "*" | |
| schedule: | |
| interval: "weekly" | |
| day: "monday" | |
| time: "09:00" | |
| timezone: "Europe/London" | |
| open-pull-requests-limit: 1 | |
| groups: | |
| patch-and-minor: | |
| patterns: | |
| - "*" | |
| update-types: | |
| - "minor" | |
| - "patch" | |
| labels: | |
| - "dependencies" | |
| - "pip" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major"] | |
| EOL | |
| fi | |
| # Add Terraform if HCL is detected | |
| if [ "${{ steps.detect-languages.outputs.has_terraform }}" = "true" ]; then | |
| cat >> .github/dependabot.yml << 'EOL' | |
| # Terraform dependencies | |
| - package-ecosystem: "terraform" | |
| directories: | |
| - "*" | |
| schedule: | |
| interval: "weekly" | |
| day: "monday" | |
| time: "09:00" | |
| timezone: "Europe/London" | |
| open-pull-requests-limit: 1 | |
| groups: | |
| patch-and-minor: | |
| patterns: | |
| - "*" | |
| update-types: | |
| - "minor" | |
| - "patch" | |
| labels: | |
| - "dependencies" | |
| - "terraform" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major"] | |
| EOL | |
| fi | |
| BRANCH_NAME="feature/update-dependabot-config-$(date +%s)" | |
| git checkout -b $BRANCH_NAME | |
| git add .github/dependabot.yml | |
| git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
| git config --local user.name "github-actions[bot]" | |
| git commit -m "chore: Add language-specific dependabot.yml configuration" | |
| git push origin $BRANCH_NAME | |
| echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT | |
| - name: Create Pull Request | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ github.token }} | |
| title: "Add language-specific dependabot.yml configuration" | |
| body: | | |
| This PR adds a dependabot.yml configuration file based on the detected languages in your repository. | |
| ## Detected Languages and Ecosystems: | |
| ${{ steps.detect-languages.outputs.has_csharp == 'true' && '- C# (NuGet)' || '' }} | |
| ${{ steps.detect-languages.outputs.has_js == 'true' && '- JavaScript/Node.js (npm)' || '' }} | |
| ${{ steps.detect-languages.outputs.has_docker == 'true' && '- Docker' || '' }} | |
| ${{ steps.detect-languages.outputs.has_python == 'true' && '- Python (pip)' || '' }} | |
| ${{ steps.detect-languages.outputs.has_terraform == 'true' && '- Terraform' || '' }} | |
| - GitHub Actions (always included) | |
| ### Configuration Details: | |
| - Weekly updates every Monday at 09:00 (Europe/London) | |
| - Maximum of 1 open PR at a time per ecosystem | |
| - Groups patch and minor updates together | |
| - Ignores major version updates | |
| - Ecosystem-specific labels for better visibility | |
| The configuration will help keep your dependencies up-to-date while maintaining stability by avoiding major version updates. | |
| branch: ${{ steps.generate-config.outputs.branch_name }} | |
| base: main | |
| delete-branch: true | |
| labels: | | |
| automation | |
| dependabot |