GitHub Action
Validate Dependabot Configuration
v0.0.5
Latest version
This action validates that your repository has Dependabot configured for all supported package ecosystems (via dependabot.yml) based on the programming languages used in your repository.
- Detects programming languages used in your repository
- Maps languages to their corresponding package ecosystems
- Validates that your dependabot.yml includes configurations for all relevant package ecosystems
- Fails if required ecosystems are missing from your Dependabot configuration
Package Manager | Languages |
---|---|
npm | JavaScript, TypeScript |
pip | Python |
maven | Java |
nuget | C#, F# |
bundler | Ruby |
composer | PHP |
cargo | Rust |
gomod | Go |
mix | Elixir |
gradle | Java, Kotlin |
For the most up-to-date list, please check the GitHub docs.
Add this action to your workflow:
```yaml
name: Validate Dependabot Config
on:
  pull_request:
  push:
    branches: [main]
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Validate Dependabot Configuration
        uses: chrisreddington/[email protected]
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
```
Input | Description | Required | Default |
---|---|---|---|
github-token | GitHub token for repository access | No | Defaults to the automatically generated token. You may override this if you require additional permissions beyond the default token. |
Create a .github/dependabot.yml file in your repository with configurations for your package ecosystems:
```yaml
version: 2
updates:
  - package-ecosystem: 'npm'
    directory: '/'
    schedule:
      interval: 'weekly'
  - package-ecosystem: 'pip'
    directory: '/'
    schedule:
      interval: 'weekly'
```
The action may fail with the following messages:
- No .github/dependabot.yml file found
  - Create a dependabot.yml file in your .github directory
  - Ensure the file has correct YAML syntax
- Missing Dependabot configuration for ecosystems: X, Y, Z
  - Add configurations for the listed ecosystems to your dependabot.yml
  - Each ecosystem needs its own update block in the configuration
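
The same coverage check can be run locally before pushing. The following is an added example, not the action's own code: it takes an already-detected language list and the text of dependabot.yml, applies the ecosystem table above, and returns one of the two failure messages listed above. The function names, the line-based parsing, and the rule that a language mapped to several ecosystems (Java: maven or gradle) is satisfied by any one of them are assumptions.

```python
import re

# Package ecosystem -> languages, copied from the table on this page.
ECOSYSTEM_LANGUAGES = {
    "npm": ["JavaScript", "TypeScript"], "pip": ["Python"], "maven": ["Java"],
    "nuget": ["C#", "F#"], "bundler": ["Ruby"], "composer": ["PHP"],
    "cargo": ["Rust"], "gomod": ["Go"], "mix": ["Elixir"],
    "gradle": ["Java", "Kotlin"],
}

# Matches an active "package-ecosystem:" entry; commented-out lines do not match.
_ENTRY = re.compile(r"""^\s*-?\s*package-ecosystem:\s*['"]?([\w-]+)['"]?\s*(#.*)?$""")


def configured_ecosystems(dependabot_yml):
    """Return the set of ecosystems declared in the dependabot.yml text."""
    return {m.group(1) for line in dependabot_yml.splitlines() if (m := _ENTRY.match(line))}


def validate(languages, dependabot_yml):
    """Return None when coverage is complete, otherwise a failure message."""
    if dependabot_yml is None:
        return "No .github/dependabot.yml file found"
    configured = configured_ecosystems(dependabot_yml)
    missing = set()
    for language in languages:
        candidates = {e for e, langs in ECOSYSTEM_LANGUAGES.items() if language in langs}
        # Assumption: any one configured candidate covers the language
        # (Java is satisfied by either maven or gradle).
        if candidates and not candidates & configured:
            missing |= candidates
    if missing:
        return "Missing Dependabot configuration for ecosystems: " + ", ".join(sorted(missing))
    return None


# Constructed sample: the dependabot.yml from this page plus a disabled gomod entry.
SAMPLE_YML = """\
version: 2
updates:
  - package-ecosystem: 'npm'
    directory: '/'
  - package-ecosystem: 'pip'
    directory: '/'
  # - package-ecosystem: 'gomod'
"""

if __name__ == "__main__":
    # Constructed language list; "Shell" has no ecosystem in the table and is ignored.
    print(validate(["TypeScript", "Python", "Go", "Shell"], SAMPLE_YML))
```

The commented-out gomod entry in the sample is not counted, so a repository containing Go code is still reported as uncovered.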
This project is licensed under the MIT License - see the LICENSE file for details.