GitHub dependabot for a library inside a yml file


Introduction

I'm currently working on a project that automatically containerizes a Java project with JIB.

GitHub project link.

Problem

The JIB library is implicitly used inside the YAML file, like this:

    - name: Build JIB container and publish to GitHub Packages
      run: |
        if [ ! -z "${{ inputs.module }}" ]; then
          MULTI_MODULE_ARGS="-am -pl ${{ inputs.module }}"
        fi

        if [ ! -z "${{ inputs.main-class }}" ]; then
          MAIN_CLASS_ARGS="-Djib.container.mainClass=${{ inputs.main-class }}"
        fi

        mvn package com.google.cloud.tools:jib-maven-plugin:3.2.1:build \
        -Djib.to.image=${{ inputs.REGISTRY }}/${{ steps.downcase.outputs.lowercase }}:${{ inputs.tag-name }} \
        -Djib.to.auth.username=${{ inputs.USERNAME }} \
        -Djib.to.auth.password=${{ inputs.PASSWORD }} $MULTI_MODULE_ARGS $MAIN_CLASS_ARGS
      shell: bash

When a new version of JIB is released, my Dependabot configuration doesn't update the YAML file.

Configuration of Dependabot:

    version: 2
    updates:
      - package-ecosystem: github-actions
        directory: '/'
        schedule:
          interval: weekly

Question

Does someone know how to configure dependabot.yml for an implicitly declared library?
Or how to configure Dependabot.yml to automatically create an issue when a new JIB version is released?


0
Rasbypy On BEST ANSWER

You can do it with hidden-dependency-updater.

Example of GitHub Workflow you can use:

    name: Update hidden dependencies

    on:
      schedule:
        - cron: '0 0 * * *'

    jobs:
      update:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2

          - uses: MathieuSoysal/[email protected]
            with:
              files: action.yml # List of files to update
              prefix: "com.google.cloud.tools:jib-maven-plugin:" # Prefix before the version, default is: ""
              suffix: ":build ."
              regex: "[0-9.]*"
              selector: "maven"
              github_repository: "GoogleContainerTools/jib"

          - name: Create Pull Request
            uses: peter-evans/create-pull-request@v4
            with:
              token: ${{ secrets.GITHUB_TOKEN }} # You need to create your own token with pull request rights
              commit-message: update jib
              title: Update jib
              body: Update jib to reflect release changes
              branch: update-jib
              base: main
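
The prefix/version/suffix rewrite that the workflow above delegates to an action can be sketched in a few lines; this is an added example, not part of the answer and not the action's own code. It assumes the latest version was already fetched by an earlier step; `bump_pinned_plugin`, `parse_version`, the sample text and the target version `9.9.9` are hypothetical. Because the fetched value ends up inside a `run:` shell script, it accepts only dotted-digit versions and never downgrades.

```python
import re

# Constructed sample: the pinned coordinate as it appears in the question's run: script.
SAMPLE = '''\
      run: |
        mvn package com.google.cloud.tools:jib-maven-plugin:3.2.1:build \\
        -Djib.to.image=example.invalid/app:1.0.0
      shell: bash
'''

PLUGIN = "com.google.cloud.tools:jib-maven-plugin"  # coordinate from the page
VERSION_RE = r"\d+(?:\.\d+){1,3}"  # assumption: plain dotted release numbers only


def parse_version(text):
    """Return a 4-int tuple for comparison; reject anything but dotted digits."""
    if not re.fullmatch(VERSION_RE, text):
        raise ValueError(f"refusing suspicious version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))  # pad so 3.2 == 3.2.0


def bump_pinned_plugin(workflow_text, latest, plugin=PLUGIN, goal="build"):
    """Rewrite '<plugin>:<version>:<goal>' to `latest`, never downgrading.

    Returns (new_text, old_versions_replaced).
    """
    latest_key = parse_version(latest)  # validate before it reaches a shell script
    # Anchor on the full coordinate and goal so unrelated version numbers
    # (image tags, other plugins) are never touched.
    pattern = re.compile(
        re.escape(plugin) + ":(" + VERSION_RE + "):" + re.escape(goal) + r"\b"
    )
    replaced = []

    def swap(match):
        current = match.group(1)
        if parse_version(current) >= latest_key:
            return match.group(0)  # already current or newer: leave as is
        replaced.append(current)
        return f"{plugin}:{latest}:{goal}"

    return pattern.sub(swap, workflow_text), replaced


if __name__ == "__main__":
    updated, old = bump_pinned_plugin(SAMPLE, "9.9.9")  # 9.9.9 is a constructed target
    print("replaced:", old)
    print(updated)
```
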
3
Matteo On

From the doc:

The directory must be set to "/" to check for workflow files in .github/workflows.

      - package-ecosystem: "github-actions"
        # Workflow files stored in the
        # default location of `.github/workflows`
        directory: "/"
        schedule:
          interval: "daily"

So: try specifying a different directory, for example:

      - package-ecosystem: "github-actions"
        # Workflow files stored in the
        directory: "."
        schedule:
          interval: "daily"