-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Config file: Support Wildcards in directory #2178
Comments
Frustratingly, this is a bit more difficult on our backend than it sounds. The answer here is pretty similar to: We'd like to support this, and it's on our roadmap (together with grouping projects), but it's a way off. |
Would be nice to have it! Here is an example where it fails: |
I wrote a script that auto-generates Dependabot configs using globs 😅 Please feel free to use my awful hacks however you like until Dependabot/Github implement this feature properly. https://gist.github.com/alexf101/b65cbfe7c5a61df7d925589a71d200cf |
+1 from me. I have a dockerfiles repo with multiple directories representing different images being built. I was dismayed to find out that dependabot.yml only allows specifying one directory. Even if we are somehow able to do the following would be a start
|
I incorrectly assumed Dependabot can find the Cargo config files, however, the projects must be specified independently (see: dependabot/dependabot-core#2178). Without this, Dependabot fails with the following error: ``` Dependabot couldn't find a Cargo.toml Dependabot requires a Cargo.toml to evaluate your Rust dependencies. It had expected to find one at the path: /src/Cargo.toml. If this isn't a Rust project, you may wish to disable updates for it in the .github/dependabot.yml config file in this repo. ``` See: https://github.com/adeira/universe/network/updates/91435760
I incorrectly assumed Dependabot can find the Cargo config files, however, the projects must be specified independently (see: dependabot/dependabot-core#2178). Without this, Dependabot fails with the following error: ``` Dependabot couldn't find a Cargo.toml Dependabot requires a Cargo.toml to evaluate your Rust dependencies. It had expected to find one at the path: /src/Cargo.toml. If this isn't a Rust project, you may wish to disable updates for it in the .github/dependabot.yml config file in this repo. ``` See: https://github.com/adeira/universe/network/updates/91435760
Any update on where this is on the roadmap? |
For our teams, the Terraform support with Dependabot greatly increased the need for this feature. We have local modules storing common infrastructure for the environments, then a separate folder for each environment. Sometimes, because of weird dependencies, we have to have two folders for each environment. That's upwards of 10 folders for each project. It would be nicer to have one entry in the config file instead of 10. |
If someone would like a javascript hack as a workaround:
fb.sync([
`${repoRoot}/**/package.json`,
`${repoRoot}/**/go.mod`,
`${repoRoot}/**/pom.xml`,
`${repoRoot}/**/Dockerfile`,
// Stuff to ignore:
`!${repoRoot}/**/node_modules`,
`!${repoRoot}/**/vendor`])
.map(mapItToAStructureYouWantToSendToHandleBar) For monorepos, it is death trying to maintain the dependabot file by hand. |
Hi @carlincherry, we have a repository of composite actions living in https://github.com/ansys/actions. Could our project be part of the beta testers? Thanks! |
If you requested access the private beta either directly on this issue or via email to me, try it out now! I've added you to a private beta repo for instructions on setup and to provide feedback. |
Could wearemojo/mojo be added please? :) |
@carlincherry We do seem to be having a bit of an issue 🤔 https://github.com/wearemojo/mojo/runs/26128472666
Is there a delay in the enabling process? Edit: nvm, just realized you can't use globbing in |
Hi folks, this feature is now live! https://github.blog/changelog/2024-06-25-simplified-dependabot-yml-configuration-with-multi-directory-key-directories-and-wildcard-glob-support/ If you have questions or encounter any problems with this, please file a new issue or reach out to GitHub support. |
Wonder how this has been tested. Still facing the issue that only a PR for the first project with a dependency update is being created and all other projects are ignored and kept outdated (both Maven and Gradle). This was pointed out earlier during the beta phase and still occurs today. |
Yes, seeing the same issue here as well. |
Same with npm. Only the first dir in the |
Adding a grouping fixed the issue of only the first directory being updated using wildcards for us. |
I sure hope that adding groups isn't somehow mandatory in order to use this feature... |
What will be a minimal working fix? Just a single empty |
@norrisjeremy @powerman I tried grouping and still doesn't work, see #10090 |
Just opened another issue related to duplicate PRs in Java #10415 |
Not sure what changed, but recently it started working for me where it didn't before. |
@mattjohnsonpint , @jakecoffman submitted a couple of fixes a few weeks ago. |
Our repo doesn't have a
pom.xml
file at/
but it does in multiple subdirectories (so/*/
). Dependabot didn't recognize the wildcard in the directory name when I put that in the config file. Is it possible to get wildcards recognized in the directory value of the config file?The text was updated successfully, but these errors were encountered: