dependabot_gen

License: BSD-3

Keep your dependabot.yaml up to date.


Dependabot_gen is a Dart CLI tool to assist in the creation and maintenance of dependabot.yaml files in a project.

It aims to create, validate, and maintain such files.

Why? 🤨

The life of an OSS maintainer is often plagued with repetitive and boring tasks. That is why some of us are obsessed with automation. One such task is keeping a project's dependencies up to date. Enter Dependabot.

Dependabot does a heck of a job automating the process of monitoring and updating dependencies. But (there's always a but) it introduces a new task: keeping the dependabot.yaml up to date, with the correct configuration, pointing to the correct paths within the project.

  • What if you move a project within the repo and forget to update that dependabot.yaml file?
  • What if you have a monorepo with a ton of projects inside and want to create a brand new dependabot.yaml?
  • What if you want to make sure the packages in the dependabot.yaml cover all the different package ecosystems you use?

Well, in all of those cases, you are dead. Or the equivalent of that: you have to do manual work.

We need automation to automate that automation. That's why this exists.

Getting Started 🚀

Since this is a Dart CLI, you will need some of the sweet sweet Dart SDK installed. See the Dart SDK installation instructions for how; there is also a GitHub action for that.

To make it available globally, activate it:

dart pub global activate dependabot_gen

Or locally via:

dart pub global activate --source=path <path to this package>

Usage 🤖

After activation, make sure the Dart cache is on your path. If so, you can run:

$ depgen --help

# or if you don't have the dart cache in your path

$ dart pub global run dependabot_gen --help

create command

This command will search for packages to be covered by the repo's dependabot.yaml. If a dependabot.yaml already exists, it will keep the existing valid entries and remove the invalid (outdated) ones.

Examples:

$ depgen create 

# Only consider some package ecosystems, and also ignore some paths for package verification.
$ depgen create --ecosystems cargo,pub,npm --ignore-paths test/fixtures

# Sets "some/path" as repository root and creates update entries with "monthly" schedules.
# Also sets the output to verbose.
$ depgen create --repo-root some/path --schedule-interval monthly --verbose

# See what else is available
$ depgen create --help

diagnose command

This is mostly just like create, except it is a "dry run": it will neither create nor modify any files, and it will return a non-success code if it encounters anything that should be changed. It's ideal to run on CI.

Examples:

$ depgen diagnose


# Only consider some package ecosystems, and also ignore some paths for package verification.
$ depgen diagnose --ecosystems cargo,pub,npm --ignore-paths test/fixtures


# See what else is available
$ depgen diagnose --help
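
The drift that diagnose is meant to catch (a project moved within the repo while dependabot.yaml still points at the old path) can be illustrated with the following added Python example, which is not dependabot_gen's own code or algorithm. The manifest map, the regex-based reading of a flat `updates:` list, the function names, and the sample repository are all assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed map: the manifest that marks a package, for three ecosystems only.
MANIFESTS = {"pub": "pubspec.yaml", "npm": "package.json", "cargo": "Cargo.toml"}
KEY = re.compile(r"\s*(?:-\s+)?(package-ecosystem|directory):\s*[\"']?([^\"'#\s]+)")

def configured_entries(yaml_text):
    """(ecosystem, directory) pairs from the top-level `updates:` list items."""
    entries, indent = [], None
    for line in yaml_text.splitlines():
        dash = re.match(r"(\s*)-\s", line)
        if dash and indent is None:
            indent = len(dash.group(1))      # indent of the first list item
        if dash and len(dash.group(1)) == indent:
            entries.append({})               # a new update entry starts here
        key = KEY.match(line)
        if key and entries:
            entries[-1][key.group(1)] = key.group(2)
    return {(e["package-ecosystem"], "/" + e["directory"].strip("/"))
            for e in entries if len(e) == 2 and e["package-ecosystem"] in MANIFESTS}

def discovered_packages(root, ignore=()):
    """(ecosystem, directory) pairs for every manifest found under root."""
    found = set()
    for dirpath, dirnames, filenames in os.walk(root):
        rel = "/".join(Path(dirpath).relative_to(root).parts)  # "" for the root
        if any(rel == i or rel.startswith(i + "/") for i in ignore):
            dirnames[:] = []                 # do not descend into ignored paths
            continue
        found |= {(eco, "/" + rel) for eco, m in MANIFESTS.items() if m in filenames}
    return found

def diagnose(root, yaml_text, ignore=()):
    """Return (missing, stale): packages with no entry, entries with no package."""
    configured, found = configured_entries(yaml_text), discovered_packages(root, ignore)
    return sorted(found - configured), sorted(configured - found)

# Constructed sample (schedule keys omitted): npm project moved from /web to /apps/web.
SAMPLE = ('version: 2\nupdates:\n  - package-ecosystem: "pub"\n    directory: "/"\n'
          '  - package-ecosystem: "npm"\n    directory: "/web"\n')

def demo():
    with tempfile.TemporaryDirectory() as root:
        for path in ("pubspec.yaml", "apps/web/package.json", "test/fixtures/Cargo.toml"):
            Path(root, path).parent.mkdir(parents=True, exist_ok=True)
            Path(root, path).touch()
        return diagnose(root, SAMPLE, ignore=("test/fixtures",))
```

In the constructed repository, `demo()` reports `/apps/web` as missing and `/web` as stale, which is the kind of finding a CI run of a dry-run check should fail on.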
