diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml
index b06f409a..9dc11f01 100644
--- a/.github/workflows/run.yml
+++ b/.github/workflows/run.yml
@@ -10,7 +10,7 @@ jobs:
 matrix:
 package_manager: [bundler]
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
 - name: Prepare environment variables
 run: echo "IMAGE_NAME=dependabot/dependabot-script" >> $GITHUB_ENV
 - name: Build Dockerfile
diff --git a/Dockerfile b/Dockerfile
index a5efaec4..cf72c339 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM dependabot/dependabot-core:0.142.0
+FROM dependabot/dependabot-core:0.215.0
 ARG CODE_DIR=/home/dependabot/dependabot-script
 RUN mkdir -p ${CODE_DIR}
diff --git a/Gemfile b/Gemfile
index 28a6160f..03084088 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,4 +3,4 @@ source "https://rubygems.org"
 gem "irb"
-gem "dependabot-omnibus", "~> 0.142.0"
+gem "dependabot-omnibus", "~> 0.209.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index c0125831..a3db84e6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,175 +1,167 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.1.3.1) + activesupport (7.0.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ast (2.4.2) - aws-eventstream (1.1.1) - aws-partitions (1.444.0) - aws-sdk-codecommit (1.42.0) - aws-sdk-core (~> 3, >= 3.112.0) + aws-eventstream (1.2.0) + aws-partitions (1.619.0) + aws-sdk-codecommit (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.114.0) + aws-sdk-core (3.132.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.239.0) + aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) - jmespath (~> 1.0) - aws-sdk-ecr (1.42.0) - aws-sdk-core (~> 3, >= 3.112.0) + jmespath (~> 1, >= 1.6.1) + aws-sdk-ecr (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sigv4 (1.2.3) + aws-sigv4 (1.5.1) aws-eventstream (~> 1, >= 1.0.2) citrus (3.0.2) - commonmarker (0.21.2) - ruby-enum (~> 0.5) - concurrent-ruby (1.1.8) - dependabot-bundler (0.142.0) - dependabot-common (= 0.142.0) - dependabot-cargo (0.142.0) - dependabot-common (= 0.142.0) - dependabot-common (0.142.0) + commonmarker (0.23.6) + concurrent-ruby (1.1.10) + dependabot-bundler (0.209.0) + dependabot-common (= 0.209.0) + dependabot-cargo (0.209.0) + dependabot-common (= 0.209.0) + dependabot-common (0.209.0) activesupport (>= 6.0.0) aws-sdk-codecommit (~> 1.28) aws-sdk-ecr (~> 1.5) bundler (>= 1.16, < 3.0.0) - commonmarker (>= 0.20.1, < 0.22.0) + commonmarker (>= 0.20.1, < 0.24.0) docker_registry2 (~> 1.7, >= 1.7.1) excon (~> 0.75) - gitlab (= 4.17.0) + faraday (= 2.3.0) + gitlab (= 4.19.0) nokogiri (~> 1.8) - octokit (~> 4.6) - pandoc-ruby (~> 2.0) + octokit (>= 4.6, < 6.0) parser (>= 2.5, < 4.0) toml-rb (>= 1.1.2, < 3.0) - dependabot-composer (0.142.0) - dependabot-common (= 0.142.0) - dependabot-dep (0.142.0) - dependabot-common (= 0.142.0) - 
dependabot-docker (0.142.0) - dependabot-common (= 0.142.0) - dependabot-elm (0.142.0) - dependabot-common (= 0.142.0) - dependabot-git_submodules (0.142.0) - dependabot-common (= 0.142.0) + dependabot-composer (0.209.0) + dependabot-common (= 0.209.0) + dependabot-docker (0.209.0) + dependabot-common (= 0.209.0) + dependabot-elm (0.209.0) + dependabot-common (= 0.209.0) + dependabot-git_submodules (0.209.0) + dependabot-common (= 0.209.0) parseconfig (~> 1.0, < 1.1.0) - dependabot-github_actions (0.142.0) - dependabot-common (= 0.142.0) - dependabot-go_modules (0.142.0) - dependabot-common (= 0.142.0) - dependabot-gradle (0.142.0) - dependabot-common (= 0.142.0) - dependabot-maven (= 0.142.0) - dependabot-hex (0.142.0) - dependabot-common (= 0.142.0) - dependabot-maven (0.142.0) - dependabot-common (= 0.142.0) - dependabot-npm_and_yarn (0.142.0) - dependabot-common (= 0.142.0) - dependabot-nuget (0.142.0) - dependabot-common (= 0.142.0) - dependabot-omnibus (0.142.0) - dependabot-bundler (= 0.142.0) - dependabot-cargo (= 0.142.0) - dependabot-common (= 0.142.0) - dependabot-composer (= 0.142.0) - dependabot-dep (= 0.142.0) - dependabot-docker (= 0.142.0) - dependabot-elm (= 0.142.0) - dependabot-git_submodules (= 0.142.0) - dependabot-github_actions (= 0.142.0) - dependabot-go_modules (= 0.142.0) - dependabot-gradle (= 0.142.0) - dependabot-hex (= 0.142.0) - dependabot-maven (= 0.142.0) - dependabot-npm_and_yarn (= 0.142.0) - dependabot-nuget (= 0.142.0) - dependabot-python (= 0.142.0) - dependabot-terraform (= 0.142.0) - dependabot-python (0.142.0) - dependabot-common (= 0.142.0) - dependabot-terraform (0.142.0) - dependabot-common (= 0.142.0) - docker_registry2 (1.10.0) + dependabot-github_actions (0.209.0) + dependabot-common (= 0.209.0) + dependabot-go_modules (0.209.0) + dependabot-common (= 0.209.0) + dependabot-gradle (0.209.0) + dependabot-common (= 0.209.0) + dependabot-maven (= 0.209.0) + dependabot-hex (0.209.0) + dependabot-common (= 0.209.0) + 
dependabot-maven (0.209.0) + dependabot-common (= 0.209.0) + dependabot-npm_and_yarn (0.209.0) + dependabot-common (= 0.209.0) + dependabot-nuget (0.209.0) + dependabot-common (= 0.209.0) + dependabot-omnibus (0.209.0) + dependabot-bundler (= 0.209.0) + dependabot-cargo (= 0.209.0) + dependabot-common (= 0.209.0) + dependabot-composer (= 0.209.0) + dependabot-docker (= 0.209.0) + dependabot-elm (= 0.209.0) + dependabot-git_submodules (= 0.209.0) + dependabot-github_actions (= 0.209.0) + dependabot-go_modules (= 0.209.0) + dependabot-gradle (= 0.209.0) + dependabot-hex (= 0.209.0) + dependabot-maven (= 0.209.0) + dependabot-npm_and_yarn (= 0.209.0) + dependabot-nuget (= 0.209.0) + dependabot-pub (= 0.209.0) + dependabot-python (= 0.209.0) + dependabot-terraform (= 0.209.0) + dependabot-pub (0.209.0) + dependabot-common (= 0.209.0) + dependabot-python (0.209.0) + dependabot-common (= 0.209.0) + dependabot-terraform (0.209.0) + dependabot-common (= 0.209.0) + docker_registry2 (1.11.0) rest-client (>= 1.8.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - excon (0.79.0) - faraday (1.3.0) - faraday-net_http (~> 1.0) - multipart-post (>= 1.2, < 3) - ruby2_keywords - faraday-net_http (1.0.1) - gitlab (4.17.0) - httparty (~> 0.18) - terminal-table (~> 1.5, >= 1.5.1) + excon (0.92.4) + faraday (2.3.0) + faraday-net_http (~> 2.0) + ruby2_keywords (>= 0.0.4) + faraday-net_http (2.1.0) + gitlab (4.19.0) + httparty (~> 0.20) + terminal-table (>= 1.5.1) http-accept (1.7.0) - http-cookie (1.0.3) + http-cookie (1.0.5) domain_name (~> 0.5) - httparty (0.18.1) + httparty (0.20.0) mime-types (~> 3.0) multi_xml (>= 0.5.2) - i18n (1.8.10) + i18n (1.12.0) concurrent-ruby (~> 1.0) - io-console (0.5.9) - irb (1.3.5) - reline (>= 0.1.5) - jmespath (1.4.0) - mime-types (3.3.1) + io-console (0.5.11) + irb (1.4.1) + reline (>= 0.3.0) + jmespath (1.6.1) + mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.0225) - mini_portile2 (2.5.1) - minitest (5.14.4) + 
mime-types-data (3.2022.0105) + mini_portile2 (2.8.0) + minitest (5.16.3) multi_xml (0.6.0) - multipart-post (2.1.1) netrc (0.11.0) - nokogiri (1.11.4) - mini_portile2 (~> 2.5.0) + nokogiri (1.13.8) + mini_portile2 (~> 2.8.0) racc (~> 1.4) - octokit (4.20.0) - faraday (>= 0.9) - sawyer (~> 0.8.0, >= 0.5.3) - pandoc-ruby (2.1.4) + octokit (5.2.0) + faraday (>= 1, < 3) + sawyer (~> 0.9) parseconfig (1.0.8) - parser (3.0.1.0) + parser (3.1.2.1) ast (~> 2.4.1) - public_suffix (4.0.6) - racc (1.5.2) - reline (0.2.5) + public_suffix (4.0.7) + racc (1.6.0) + reline (0.3.1) io-console (~> 0.5) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) - ruby-enum (0.9.0) - i18n - ruby2_keywords (0.0.4) - sawyer (0.8.2) + ruby2_keywords (0.0.5) + sawyer (0.9.2) addressable (>= 2.3.5) - faraday (> 0.8, < 2.0) - terminal-table (1.8.0) - unicode-display_width (~> 1.1, >= 1.1.1) - toml-rb (2.0.1) + faraday (>= 0.17.3, < 3) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + toml-rb (2.2.0) citrus (~> 3.0, > 3.0) - tzinfo (2.0.4) + tzinfo (2.0.5) concurrent-ruby (~> 1.0) unf (0.1.4) unf_ext - unf_ext (0.0.7.7) - unicode-display_width (1.7.0) - zeitwerk (2.4.2) + unf_ext (0.0.8.2) + unicode-display_width (2.2.0) PLATFORMS ruby DEPENDENCIES - dependabot-omnibus (~> 0.142.0) + dependabot-omnibus (~> 0.209.0) irb BUNDLED WITH diff --git a/README.md b/README.md index eda41080..c7b61335 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,10 @@ -# Dependabot Update Script - Notes & customizations on this fork +# Dependabot Update Script + +## Notes & customizations on this fork To use in a on-premise Gitlab+Jenkins platform. Tested on the java, .NET and docker ecosystems -## Added features +### Added features - Environment variable: `DRY_RUN`, Default: false. If set to true `DRY_RUN=true`, only displays dependencies that should be updated, but no PR are submitted. 
@@ -27,7 +29,7 @@ To use in a on-premise Gitlab+Jenkins platform. Tested on the java, .NET and doc - Other reminders: - Schedules a reminder to open merge request if they have not been updated for two weeks (including non-dependabot) -## Issues and solutions +### Issues and solutions - Jenkins may fail to clone the dependabot PR branch because encodes the slash character when getting the branch name: - Get the branch name: `def branch=${env.BRANCH_NAME}` @@ -42,16 +44,19 @@ To use in a on-premise Gitlab+Jenkins platform. Tested on the java, .NET and doc - Example Nginx configuration that fails: `location /myroot/ { proxy_pass http://127.0.0.1:/myroot/; }` - Example Nginx configuration that works: `location /myroot/ { proxy_pass http://127.0.0.1:; }` -# Dependabot Update Script [![Dependabot Status](https://api.dependabot.com/badges/status?host=github&identifier=131328855)](https://dependabot.com) +# Dependabot Update Script (original doc) -This repo contains two scripts that demonstrates +This repo contains two scripts that demonstrate [Dependabot Core][dependabot-core]. It is intended to give you a feel for how Dependabot Core works so that you can use it in your own project. If you're looking for a hosted, feature-rich dependency updater then you probably want [Dependabot][dependabot] itself. -## Setup and usage +If instead you want to run it manually, the quickest and easiest way to run +dependabot yourself is via the [Docker image](#running-script-with-dependabot-script-dockerfile). + +## Local setup and usage ```shell rbenv install # (Install Ruby version from ./.ruby-version) 
@@ -60,7 +65,7 @@ bundle install ### Native helpers -Languages that require native helpers to be installed: Terraform, Python, Go (Dep & Modules), Elixir, PHP, JS +Languages that require native helpers to be installed: Terraform, Python, Go, Elixir, PHP, JS To install the native helpers, export an environment variable that points to the directory into which the helpers should be installed and add the relevant bins @@ -79,8 +84,7 @@ Copy the relevant helpers from the gem source to the new install location | ---------- | -------------------------------------------------------------------------------------------------------- | | Terraform | `cp -r $(bundle show dependabot-terraform)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/terraform/helpers` | | Python | `cp -r $(bundle show dependabot-python)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/python/helpers` | -| Go Dep | `cp -r $(bundle show dependabot-dep)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/dep/helpers` | -| Go Modules | `cp -r $(bundle show dependabot-go_modules)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/go_modules/helpers` | +| Go | `cp -r $(bundle show dependabot-go_modules)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/go_modules/helpers` | | Elixir | `cp -r $(bundle show dependabot-hex)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/hex/helpers` | | PHP | `cp -r $(bundle show dependabot-composer)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/composer/helpers` | | JS | `cp -r $(bundle show dependabot-npm_and_yarn)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn/helpers` | 
@@ -91,8 +95,7 @@ Build the helpers you want to use (you'll also need the corresponding language i | ---------- | --------------------------------------------------------------------------------------------------------- | | Terraform | `$DEPENDABOT_NATIVE_HELPERS_PATH/terraform/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/terraform` | | Python | `$DEPENDABOT_NATIVE_HELPERS_PATH/python/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/python` | -| Go Dep | `$DEPENDABOT_NATIVE_HELPERS_PATH/dep/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/dep` | -| Go Modules | `$DEPENDABOT_NATIVE_HELPERS_PATH/go_modules/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/go_modules` | +| Go | `$DEPENDABOT_NATIVE_HELPERS_PATH/go_modules/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/go_modules` | | Elixir | `$DEPENDABOT_NATIVE_HELPERS_PATH/hex/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/hex` | | PHP | `$DEPENDABOT_NATIVE_HELPERS_PATH/composer/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/composer` | | JS | `$DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn` | @@ -110,6 +113,7 @@ Variable Name | Default | Notes `PROJECT_PATH` | N/A (Required) | Path to repository. Usually in the format `/`. `BRANCH ` | N/A (Optional) | Branch to fetch manifest from and open pull requests against. `PULL_REQUESTS_ASSIGNEE` | N/A (Optional) | User to assign to the created pull request. +`OPTIONS` | `{}` | JSON options to customize the operation of Dependabot There are other variables that you must pass to your container that will depend on the Git source you use: @@ -163,6 +167,10 @@ There are a few ways of running the script: * non-interactively with `./generic-update-script.rb`, * and non-interactively using Docker. +You can also set it up to run as part of your repositories workflows + * [GitHub Actions Standalone](#github-actions-standalone) + * [GitLab](#gitlab-ci) + #### Running `update-script.rb` (GitHub only) 1. `bundle exec irb` 
@@ -255,6 +263,20 @@ docker run -v "$(pwd):/home/dependabot/dependabot-script" -w /home/dependabot/de ``` docker run --rm -v "$(pwd):/home/dependabot/dependabot-script" -w /home/dependabot/dependabot-script -e ENV_VARIABLE=value dependabot/dependabot-core bundle exec ruby ./generic-update-script.rb ``` +### GitHub Actions Standalone +The easiest and most common way to run Dependabot on GitHub is using the built-in +Dependabot service as described [here](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions). This is recommended for most users. + +However, sometimes you may need to run Dependabot manually either for testing, or to enable features/plugins that are +not currently available in Dependabot. This is relatively straight-forward to achieve with a shell-based GitHub action. + + * In your GitHub repository, create a directory `.github/workflows` if it doesn't already exist. + * Copy [manual-github-actions.yaml](./manual-github-actions.yaml) into that directory. + * Customize `PACKAGE_MANAGER` to suit your needs, see the [possible values above.](#environment-variables) + * (Optional) Customize `OPTIONS` to suit your needs or delete + +By default this action is set to run on workflow dispatch, which means that you need to manually trigger the workflow run. +If you would rather run it on a set schedule, you can switch to [schedule dispatch](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule). ### GitLab CI 
@@ -263,7 +285,7 @@ Many pipeline schedules can be added on that single repo to manage multiple proj Thus `https://[gitlab.domain/org/dependabot-script-repo]/pipeline_schedules` dashboard becomes your own dependabot admin interface. * Clone or mirror this repository. -* Copy `.gitlab-ci.example.yml` to `.gitlab-ci.yml` or set [a custom CI config path for direct usage](https://docs.gitlab.com/ee/user/project/pipelines/settings.html#custom-ci-config-path). +* Copy `.gitlab-ci.example.yml` to `.gitlab-ci.yml` or set [a custom CI config path for direct usage](https://docs.gitlab.com/ee/ci/pipelines/settings.html#specify-a-custom-cicd-configuration-file). * [Set the required global variables](https://docs.gitlab.com/ee/ci/variables/#variables) used in [`./generic-update-script.rb`][generic-script]. * Create [a pipeline schedule](https://docs.gitlab.com/ee/user/project/pipelines/schedules.html) for each managed repository. * Set in the schedule the required variables: diff --git a/azure-pipeline.example.yml b/azure-pipeline.example.yml new file mode 100644 index 00000000..058fb680 --- /dev/null +++ b/azure-pipeline.example.yml 
@@ -0,0 +1,66 @@
+# Source Documentation
+# https://marketplace.visualstudio.com/items?itemName=tingle-software.dependabot
+# https://sanderh.dev/Dependabot-Azure-DevOps/
+# https://www.youtube.com/watch?v=4ELai1FivK4
+# https://github.com/dependabot/dependabot-script
+
+# Display name when the pipeline is running
+name: 'Dependabot -- $(Date:yyyyMMdd)$(Rev:.r)'
+
+# Disable CI trigger
+trigger: none
+
+# Schedules instead of triggers runs the job on interval not on trigger
+schedules:
+# daily at 2am GMT-7
+- cron: '0 9 * * *'
+ # run even when there are no code changes
+ always: true
+ # run only on these branches
+ branches:
+ include:
+ - main
+ displayName: Daily
+
+jobs:
+ - job: 'Dependabot'
+ pool:
+ # requires macos or ubuntu (windows is not supported)
+ vmImage: 'ubuntu-latest'
+
+ # Vars to be passed to the docker image
+ variables:
+ - name: DIRECTORY_PATH
+ value: /
+ - name: PACKAGE_MANAGER
+ value: pip
+ # On Azure DevOps this should be the: //_git/
+ - name: PROJECT_PATH
+ value: Covered-CA/Data%20Team/_git/Python%20Intake%20Process%20App
+ # Who "Opened" the Pull request. Useful to assign to a service account named "Dependabot"
+ - name: PULL_REQUESTS_ASSIGNEE
+ value: 'Dependabot'
+
+ steps:
+ # Get the repo
+ - script: git clone https://github.com/dependabot/dependabot-script.git
+ displayName: Clone Dependabot config repo
+ # Build the docker image
+ - script: |
+ cd dependabot-script
+ docker build -t "dependabot/dependabot-script" -f Dockerfile .
+ displayName: Build Dependabot Image
+ # Pass your vars to the docker image and execute
+ # NOTE:
+ # You need to get a Person Access Token and to keep it {SECRET} use The [Variables] button in the
+ # Azure-Pipelines interface to create a Environmental Variable that the docker image can access but
+ # isn't in plain text. Same for the GitHub Access Token if your dependencies are only on GitHub
+ - script: |
+ docker run --rm -e AZURE_ACCESS_TOKEN='$(PAT)' \
+ -e GITHUB_ACCESS_TOKEN='$(GHPAT)' \
+ -e PACKAGE_MANAGER='$(PACKAGE_MANAGER)' \
+ -e PROJECT_PATH='$(PROJECT_PATH)' \
+ -e DIRECTORY_PATH='$(DIRECTORY_PATH)' \
+ -e PULL_REQUESTS_ASSIGNEE='$(PULL_REQUESTS_ASSIGNEE)' \
+ dependabot/dependabot-script
+ displayName: Run Dependabot
diff --git a/generic-update-script.rb b/generic-update-script.rb
index 55c246de..6e1a3ae8 100644
--- a/generic-update-script.rb
+++ b/generic-update-script.rb
@@ -8,6 +8,7 @@
 require "dependabot/pull_request_creator"
 require "dependabot/omnibus"
 require "gitlab"
+require "json"
 require_relative "custom/custom_util"
 credentials = [
@@ -46,6 +47,10 @@
 # - terraform
 package_manager = ENV["PACKAGE_MANAGER"] || "bundler"
+# Expected to be a JSON object passed to the underlying components
+options = JSON.parse(ENV["OPTIONS"] || "{}", {:symbolize_names => true})
+puts "Running with options: #{options}"
+
 if ENV["GITHUB_ENTERPRISE_ACCESS_TOKEN"]
 credentials << {
 "type" => "git_source",
@@ -104,7 +109,7 @@
 credentials << {
 "type" => "git_source",
 "host" => bitbucket_hostname,
- "username" => nil,
+ "username" => "x-token-auth",
 "token" => ENV["BITBUCKET_ACCESS_TOKEN"]
 }
@@ -114,7 +119,7 @@
 api_endpoint: ENV["BITBUCKET_API_URL"] || "https://api.bitbucket.org/2.0/",
 repo: repo_name,
 directory: directory,
- branch: nil,
+ branch: branch,
 )
 elsif ENV["BITBUCKET_APP_USERNAME"] && ENV["BITBUCKET_APP_PASSWORD"]
 bitbucket_hostname = ENV["BITBUCKET_HOSTNAME"] || "bitbucket.org"
@@ -150,6 +155,7 @@
 fetcher = Dependabot::FileFetchers.for_package_manager(package_manager).new(
 source: source,
 credentials: credentials,
+ options: options,
 )
 files = fetcher.files
@@ -163,6 +169,7 @@
 dependency_files: files,
 source: source,
 credentials: credentials,
+ options: options,
 )
 dependencies = parser.parse
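Review bot: The `Clone Dependabot config repo` step runs `git clone https://github.com/dependabot/dependabot-script.git` with no tag or commit, so every scheduled run builds and executes whatever is on upstream's default branch at that moment, with `$(PAT)` and `$(GHPAT)` available to it; pin the clone, e.g. `git clone --depth 1 --branch <release-tag-placeholder> https://github.com/dependabot/dependabot-script.git`, and the same applies to the `Checkout dependabot` step in manual-github-actions.yaml later in this diff. In the `Run Dependabot` step the secrets are macro-expanded into the script text as `-e AZURE_ACCESS_TOKEN='$(PAT)'`, which puts the token values on the `docker run` command line (readable from the agent's process list) and breaks if a token contains a single quote; mapping them through the step's `env:` block and passing `-e AZURE_ACCESS_TOKEN` by name lets docker read them from the environment instead, as below. The `PROJECT_PATH` value `Covered-CA/Data%20Team/_git/Python%20Intake%20Process%20App` reads like a specific organisation's project rather than a placeholder for an example file; something like `<organization>/<project>/_git/<repository>` would be clearer, and the comment above it appears to have lost its angle-bracket placeholders (it now reads `//_git/`).
```yaml
      # Get the repo (pinned so the pipeline does not run whatever is on upstream's default branch)
      - script: git clone --depth 1 --branch <release-tag-placeholder> https://github.com/dependabot/dependabot-script.git
        displayName: Clone Dependabot config repo
      # … unchanged: Build Dependabot Image step …
      # Secrets are mapped into the step environment and passed to docker by name only,
      # so their values never appear on the docker run command line.
      - script: |
          docker run --rm -e AZURE_ACCESS_TOKEN \
            -e GITHUB_ACCESS_TOKEN \
            -e PACKAGE_MANAGER='$(PACKAGE_MANAGER)' \
            -e PROJECT_PATH='$(PROJECT_PATH)' \
            -e DIRECTORY_PATH='$(DIRECTORY_PATH)' \
            -e PULL_REQUESTS_ASSIGNEE='$(PULL_REQUESTS_ASSIGNEE)' \
            dependabot/dependabot-script
        displayName: Run Dependabot
        env:
          AZURE_ACCESS_TOKEN: $(PAT)
          GITHUB_ACCESS_TOKEN: $(GHPAT)
```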
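Review bot: `JSON.parse(ENV["OPTIONS"] || "{}", {:symbolize_names => true})` accepts any JSON value, so `OPTIONS='[]'` or `OPTIONS='1'` yields an Array or Integer that is then handed as `options:` to the fetcher, parser, checker and updater constructors in the later hunks, and a malformed value surfaces as a bare `JSON::ParserError` backtrace that never names the variable. Add a shape check right after the parse, `raise ArgumentError, "OPTIONS must be a JSON object, got #{options.class}" unless options.is_a?(Hash)`, and consider rescuing `JSON::ParserError` to re-raise with "OPTIONS" in the message. `puts "Running with options: #{options}"` echoes the whole hash into the job log, which is fine for feature flags like the documented `kubernetes_updates` but deserves a comment such as `# logged verbatim: keep OPTIONS to feature flags, never credentials` so nobody later routes a token through it. Style-wise the keyword form `symbolize_names: true` reads better than the hash-rocket literal for a keyword-style option.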
@@ -180,6 +187,7 @@
 dependency: dep,
 dependency_files: files,
 credentials: credentials,
+ options: options,
 ignored_versions: ignored_versions,
 )
@@ -224,6 +232,7 @@
 dependencies: updated_deps,
 dependency_files: files,
 credentials: credentials,
+ options: options,
 )
 updated_files = updater.updated_dependency_files
diff --git a/manual-github-actions.yaml b/manual-github-actions.yaml
new file mode 100644
index 00000000..7cdf09f3
--- /dev/null
+++ b/manual-github-actions.yaml
@@ -0,0 +1,35 @@
+name: ManualDependabot
+
+on:
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ dependabot:
+ permissions:
+ contents: write # for Git to git push
+ pull-requests: write # for repo-sync/pull-request to create pull requests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ - name: Checkout dependabot
+ run: |
+ cd /tmp/
+ git clone https://github.com/dependabot/dependabot-script
+ - name: Build image
+ run: |
+ cd /tmp/dependabot-script
+ docker build -t "dependabot/dependabot-script" -f Dockerfile .
+ - name: Run dependabot
+ env:
+ # Select your package manager
+ PACKAGE_MANAGER: docker
+ # Options can turn on extra features (not required)
+ OPTIONS: |
+ { "kubernetes_updates": true }
+ GITHUB_ACCESS_TOKEN: ${{ github.token }}
+ run: |
+ docker run -v $PWD:/src -e PROJECT_PATH=$GITHUB_REPOSITORY -e PACKAGE_MANAGER=$PACKAGE_MANAGER -e DIRECTORY=src -e GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN -e OPTIONS="$OPTIONS" dependabot/dependabot-script
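Review bot: The `Run dependabot` step passes `-e DIRECTORY=src`, while the Azure example added in this same commit and the script's other variables use the `_PATH` form (`DIRECTORY_PATH`, `PROJECT_PATH`); if generic-update-script.rb reads `DIRECTORY_PATH` (not visible in this diff), `DIRECTORY` is silently ignored and the run falls back to the script's default directory. Whichever name is right, `src` here is a path inside the target repository as the script fetches manifests through the API, not the container mount from `-v $PWD:/src`, so the value should match where the manifests actually live (likely `/` for most repos) and the mount is probably unnecessary; confirm against the script before merging. The single long `docker run` line would also be easier to review written like the Azure example, one `-e` per line with `\` continuations under `run: |`.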