Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Config file: Support Wildcards in directory #2178

Closed
blakemorgan opened this issue Mar 22, 2019 · 119 comments
Closed

Config file: Support Wildcards in directory #2178

blakemorgan opened this issue Mar 22, 2019 · 119 comments
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR Keep Exempt this from being marked by stalebot T: feature-request Requests for new features

Comments

@blakemorgan
Copy link

Our repo doesn't have a pom.xml file at / but it does in multiple subdirectories (so /*/). Dependabot didn't recognize the wildcard in the directory name when I put that in the config file. Is it possible to get wildcards recognized in the directory value of the config file?

@greysteil
Copy link
Contributor

greysteil commented Mar 22, 2019

Frustratingly, this is a bit more difficult on our backend than it sounds. The answer here is pretty similar to:

We'd like to support this, and it's on our roadmap (together with grouping projects), but it's a way off.

@bsideup
Copy link

bsideup commented Mar 24, 2020

Would be nice to have it!

Here is an example where it fails:
https://github.com/bsideup/liiklus/blob/09d16a867b93ca966d6200c6d62f646d0344065b/settings.gradle#L11

@infin8x infin8x transferred this issue from dependabot/feedback Jun 29, 2020
@infin8x infin8x added F: language-support Issues specific to a particular language or ecosystem; may be paired with an L: label. L: java:maven Maven packages via Maven T: feature-request Requests for new features labels Jul 2, 2020
@infin8x infin8x added F: version-updates ⬆️ Issues specific to version updates and removed F: language-support Issues specific to a particular language or ecosystem; may be paired with an L: label. L: java:maven Maven packages via Maven labels Jul 20, 2020
@alexf101
Copy link

I wrote a script that auto-generates Dependabot configs using globs 😅

Please feel free to use my awful hacks however you like until Dependabot/Github implement this feature properly.

https://gist.github.com/alexf101/b65cbfe7c5a61df7d925589a71d200cf

@jauderho
Copy link

+1 from me.

I have a dockerfiles repo with multiple directories representing different images being built. I was dismayed to find out that dependabot.yml only allows specifying one directory.

Even if we are somehow able to do the following would be a start

directory: |
/dir1
/dir2

mrtnzlml added a commit to adeira/universe that referenced this issue Mar 2, 2021
I incorrectly assumed Dependabot can find the Cargo config files, however, the projects must be specified independently (see: dependabot/dependabot-core#2178).

Without this, Dependabot fails with the following error:

```
Dependabot couldn't find a Cargo.toml

Dependabot requires a Cargo.toml to evaluate your Rust dependencies. It had expected to find one at the path: /src/Cargo.toml.

If this isn't a Rust project, you may wish to disable updates for it in the .github/dependabot.yml config file in this repo.
```

See: https://github.com/adeira/universe/network/updates/91435760
kodiakhq bot pushed a commit to adeira/universe that referenced this issue Mar 4, 2021
I incorrectly assumed Dependabot can find the Cargo config files, however, the projects must be specified independently (see: dependabot/dependabot-core#2178).

Without this, Dependabot fails with the following error:

```
Dependabot couldn't find a Cargo.toml

Dependabot requires a Cargo.toml to evaluate your Rust dependencies. It had expected to find one at the path: /src/Cargo.toml.

If this isn't a Rust project, you may wish to disable updates for it in the .github/dependabot.yml config file in this repo.
```

See: https://github.com/adeira/universe/network/updates/91435760
@michaelmerrill
Copy link

Any update on where this is on the roadmap?

@blakemorgan
Copy link
Author

For our teams, the Terraform support with Dependabot greatly increased the need for this feature. We have local modules storing common infrastructure for the environments, then a separate folder for each environment. Sometimes, because of weird dependencies, we have to have two folders for each environment. That's upwards of 10 folders for each project. It would be nicer to have one entry in the config file instead of 10.

@gjermundgaraba
Copy link

If someone would like a javascript hack as a workaround:

  • handlebar template for dependabot file
  • "fast-glob" all the different types you need and generate a new dependabot file:
fb.sync([
        `${repoRoot}/**/package.json`,
        `${repoRoot}/**/go.mod`,
        `${repoRoot}/**/pom.xml`,
        `${repoRoot}/**/Dockerfile`,
        // Stuff to ignore:
        `!${repoRoot}/**/node_modules`,
        `!${repoRoot}/**/vendor`])
        .map(mapItToAStructureYouWantToSendToHandleBar)

For monorepos, it is death trying to maintain the dependabot file by hand.

@jorgepiloto
Copy link

Hi @carlincherry, we have a repository of composite actions living in https://github.com/ansys/actions. Could our project be part of the beta testers? Thanks!

@patatepartie
Copy link

Thanks to the dependabot team for this change ❤️ . It really made updating dependencies easier for me.

I'm not sure if this is the place to report bugs on the new directories option (if not, please let me know where it is), but I've run into a quality of life issue: when there is the same dependency being updated in a lot of directories, the section for the dependency is repeated for each directory, leading, in my case, to a truncated output, preventing seeing the changelog for other dependencies.
This happens for me with terraform providers, in a repository where I have many terraform workspaces using the same provider (AWS):

Screenshot 2024-06-06 at 9 18 41

That section about the AWS provider is repeated a few time time, then the output is truncated (the markdown ends with _Description has been truncated_).

@carlincherry
Copy link
Member

If you requested access the private beta either directly on this issue or via email to me, try it out now! I've added you to a private beta repo for instructions on setup and to provide feedback.

@billinghamj
Copy link

Could wearemojo/mojo be added please? :)

@billinghamj
Copy link

billinghamj commented Jun 12, 2024

@carlincherry We do seem to be having a bit of an issue 🤔

https://github.com/wearemojo/mojo/runs/26128472666

The property '#/updates/4/directory' must not include a glob pattern

Is there a delay in the enabling process?

Edit: nvm, just realized you can't use globbing in directory (singular), but can in directories (plural)

@Nishnha
Copy link
Member

Nishnha commented Jun 25, 2024

Hi folks, this feature is now live! https://github.blog/changelog/2024-06-25-simplified-dependabot-yml-configuration-with-multi-directory-key-directories-and-wildcard-glob-support/

If you have questions or encounter any problems with this, please file a new issue or reach out to GitHub support.

@deki
Copy link

deki commented Jul 8, 2024

Wonder how this has been tested. Still facing the issue that only a PR for the first project with a dependency update is being created and all other projects are ignored and kept outdated (both Maven and Gradle). This was pointed out earlier during the beta phase and still occurs today.

@norrisjeremy
Copy link

Wonder how this has been tested. Still facing the issue that only a PR for the first project with a dependency update is being created and all other projects are ignored and kept outdated (both Maven and Gradle). This was pointed out earlier during the beta phase and still occurs today.

Yes, seeing the same issue here as well.

@mattjohnsonpint
Copy link

Same with npm. Only the first dir in the directories list gets updates.

@JCradock
Copy link

JCradock commented Jul 8, 2024

Adding a grouping fixed the issue of only the first directory being updated using wildcards for us.

@norrisjeremy
Copy link

I sure hope that adding groups isn't somehow mandatory in order to use this feature...

@powerman
Copy link

powerman commented Jul 8, 2024

What will be a minimal working fix? Just a single empty groups: key or it needs some content?

@lucacome
Copy link

lucacome commented Jul 8, 2024

@norrisjeremy @powerman I tried grouping and still doesn't work, see #10090

@deki
Copy link

deki commented Aug 12, 2024

Just opened another issue related to duplicate PRs in Java #10415

@mattjohnsonpint
Copy link

Not sure what changed, but recently it started working for me where it didn't before.

@abdulapopoola
Copy link
Member

@mattjohnsonpint , @jakecoffman submitted a couple of fixes a few weeks ago.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR Keep Exempt this from being marked by stalebot T: feature-request Requests for new features
Projects
Status: Done
Development

No branches or pull requests