I need to configure dependabot for a large number of repos (manually configuring will take days ).
Some repos are "single language" such as typescript using a single package.json package-ecosystem: npm while other repositories are styled as "mono repos" and use a variety of languages and accompanying package managers with different nestings.
As the dependabot.yml file needs to be configured with the appropriate root and package ecosystem, I can not re-use a simple config file and expect it to work for all.
I am scripting this, but cloning so many repositories are slow and error-prone.
An example of a "complex" dependabot config file looks like this:
version: 2
updates:
- package-ecosystem: cargo
directory: "/package/a"
schedule:
interval: daily
- package-ecosystem: cargo
directory: "/package/b"
schedule:
interval: daily
- package-ecosystem: cargo
directory: "/package/c"
schedule:
interval: daily
- package-ecosystem: cargo
directory: "/package/a"
schedule:
interval: daily
- package-ecosystem: npm
directory: "/sites/a"
schedule:
interval: daily
- package-ecosystem: npm
directory: "/sites/b"
schedule:
interval: daily
... 20 other roots
I would hope for an option such as the following:
- package-ecosystem: npm
directory: "/sites/*" <<<<< some wild card / pattern matching here?
schedule:
interval: daily
- package-ecosystem: cargo
directory: "/package/*"
schedule:
interval: daily
GitHub Dependabot is not currently capabale of wildcards, but it has been a long requested feature in the
dependabot-corerepository.Some kind people built automation that can generate a
dependabot.ymlfile based on your wildcards and the files in your repository. For example check the Action by Makeshift on GitHub.