A github action for running dependabot on repositories using cake-build.
- Goal
- Install
- Usage
- Limitations
- Full Example
- Background
- Idea / Attribution
- Running Locally
- Alternatives
- Maintainers
- Contributing
- License
The goal of this project is two-fold:
- Enable users of dependabot to have a dependabot-like way to keep Cake dependencies up-to-date.
- To keep the code for integrating Cake as a new ecosystem in dependabot up-to-date and tested.
To that end, I have forked the original PR into a custom repo where I try to keep the original code from dependabot-PR 1848 up-to-date and error-free.
Use the action in your workflow yaml by adding a step with uses: nils-org/dependabot-cake-action@v1.
- name: check/update cake references
uses: nils-org/dependabot-cake-action@v1
with:
# Where to look for cake files to check for dependency upgrades.
# The directory is relative to the repository's root.
# Multiple paths can be provided by splitting them with a new line.
# Example:
# directory: |
# /path/to/first/module
# /path/to/second/module
# Default: "/"
directory: ""
# Branch to create pull requests against.
# By default your repository's default branch is used.
target_branch: ""
# Auth token used to push the changes back to github and create the pull request with.
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
# default: ${{ github.token }}
token: ""
# List of dependencies that will not be updated
# Example:
# ignore: |
# Cake.7zip
# Cake.asciidoctorj
# default: none
ignore: ""This not a real dependabot, so there are no "commands" to give (like @dependabot rebase and such). If you need to rebase the PR, you'll have to do that manually.
Save the following content in you're repo under .github/workflows/dependabot-cake.yml
name: dependabot-cake
on:
workflow_dispatch:
schedule:
# run everyday at 6
- cron: '0 6 * * *'
jobs:
dependabot-cake:
runs-on: ubuntu-latest # linux, because this is a docker-action
steps:
- name: check/update cake dependencies
uses: nils-org/dependabot-cake-action@v1.1.0The original code was developed for dependabot/dependabot-core#1848 (a PR for dependabot/dependabot-core#733): To have dependabot check cake-references.
Currently dependabot has postponed adding new ecosystems and sadly merging dependabot/dependabot-core#1848 might take some time.
Most of this was shamelessly copied from https://github.com/patrickjahns/dependabot-terraform-action/
It is also possible to run this action locally:
-
Clone this repo
-
build the docker image
cd src && docker build -t dependabot-cake:develop . -
run the container and give the needed environment-vars
docker run --rm -e DRY_RUN=1 -e GITHUB_REPOSITORY=nils-a/Cake.7zip -e INPUT_TARGET_BRANCH=develop -e INPUT_TOKEN=your-github-api-token dependabot-cake:develop
Build-ImageCreates the image.imageName=some-image-nameto set the image name. Default:dependabot-cake
Run-TestRuns a container off the image locally. Settings:--test-RepositoryName=owner/repoto set a repository. Default:nils-a/Cake.7zip--test-RepositoryBranch=branchto set a branch. Default:develop- Environment variable
INPUT_TOKENmust be set to a personal access token. --test-folder=subfolderto set a folder to search. Can be given multiple times. Default:["/"]--test-no-dryrunif set, real PRs are created.--test-ignore=Cake.7zipignore a dependency. Can be given multiple times. Default:[]
One alternative to dependabot is Renovate which fully supports Cake. See the post on cakebuild.net for a sample integration.
We accept Pull Requests.
Small note: If editing the Readme, please conform to the standard-readme specification.
- Nils Andresen