Keep your dependabot.yaml up to date.
Dependabot_gen is a Dart CLI tool to assist in the creation and maintenance of dependabot.yaml files in a project.
It aims to create, validate, and maintain such files.
The life of an OSS maintainer is often plagued with repetitive and boring tasks. That is why some of us are obsessed with automation. One such task is keeping a project's dependencies up to date. Enter Dependabot.
Dependabot does a heck of a job automating the process of monitoring and updating dependencies. But (there's always a but) it introduces a new task: keeping the dependabot.yaml up to date, with the correct configurations, pointing to the correct paths within the project.
- What if you move a project within the repo and forget to update that dependabot.yaml file?
- What if I have a mono repo and there are a ton of projects inside and I want to create a brand new dependabot.yaml?
- What if I wanna make sure the packages in the dependabot.yaml cover all the different package ecosystems I use?
Well, in all of those cases, you are dead. Or the equivalent of that: you have to do manual work.
We need automation to automate that automation. That's why this exists.
Since this is a Dart CLI, you will need some of the sweet sweet Dart SDK installed. See here how, and a GitHub action for that.
To make it available globally, activate it:
dart pub global activate dependabot_gen
Or locally via:
dart pub global activate --source=path <path to this package>
After activation, make sure the Dart cache is on your path. If so, you can run:
$ depgen --help
# or if you don't have the dart cache in your path
$ dart pub global run dependabot_gen --help
The create command will search for packages to be covered by the repo's dependabot.yaml. If a dependabot.yaml already exists, it will keep the existing valid entries and remove the invalid (outdated) ones.
Examples:
$ depgen create
# Only consider some package ecosystems, and also ignore some paths for package verification.
$ depgen create --ecosystems cargo,pub,npm --ignore-paths test/fixtures
# Sets "some/path" as repository root and creates update entries with "monthly" schedules.
# Also sets the output to verbose.
$ depgen create --repo-root some/path --schedule-interval monthly --verbose
# See what else is available
$ depgen create --help
The diagnose command is mostly just like create, except it is a "dry-run", which means it will neither create nor modify any files and will return a non-success code if it encounters anything that should be changed. It's ideal to run on CI.
Examples:
$ depgen diagnose
# Only consider some package ecosystems, and also ignore some paths for package verification.
$ depgen diagnose --ecosystems cargo,pub,npm --ignore-paths test/fixtures
# See what else is available
$ depgen diagnose --help
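One way to run diagnose on CI, as an added example that is not part of the dependabot_gen project: a GitHub Actions workflow that fails the build when dependabot.yaml no longer matches the repo, so a moved or new project does not silently drop out of dependency updates. The workflow name, file location, branch name and action versions are assumptions.

```yaml
# .github/workflows/dependabot-check.yaml (assumed file name)
# Added example, not taken from the dependabot_gen repository.
name: dependabot-config-check

on:
  pull_request:
  push:
    branches: [main]   # assumed default branch

# The check only reads the working tree, so the token gets read-only access.
permissions:
  contents: read

jobs:
  diagnose:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: dart-lang/setup-dart@v1

      - name: Install dependabot_gen
        # Appending a version constraint after the package name pins the
        # tool to a release you have reviewed instead of the latest one.
        run: dart pub global activate dependabot_gen

      - name: Fail if dependabot.yaml is out of date
        # diagnose is a dry run: it changes nothing and exits with a
        # non-success code when create would modify the file, which
        # fails this step. "dart pub global run" avoids relying on PATH.
        run: dart pub global run dependabot_gen diagnose
```

When the job fails, run depgen create locally and commit the regenerated dependabot.yaml.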