Skip to content
/ validate-dependabot Public
generated from actions/typescript-action

A GitHub Action which reads a repository's dependabot.yml, and compares it with the languages present in the repo to check for any unconfigured supported languages.

License

MIT license
2 stars 1 fork Branches Tags Activity
Star

chrisreddington/validate-dependabot

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Repository files navigation

Validate Dependabot Configuration

GitHub Super-Linter CI Check dist/ CodeQL Coverage Validate Repository Configuration

This action validates that your repository has Dependabot configured for most supported package ecosystems (via dependabot.yml) based on the programming languages used in your repository.

What it does

  • Detects programming languages used in your repository
  • Maps languages to their corresponding package ecosystems
  • Validates that your dependabot.yml includes configurations for all relevant package ecosystems
  • Fails if required ecosystems are missing from your Dependabot configuration

Supported Ecosystems

Package Manager Languages
npm JavaScript, TypeScript
pip Python
maven Java
nuget C#, F#
bundler Ruby
composer PHP
cargo Rust
gomod Go
mix Elixir
gradle Java, Kotlin

For Dependabot's most up to date list (not necessarily this action), please check the GitHub docs.

Usage

Add this action to your workflow:

name: Validate Dependabot Config
on:
  pull_request:
  push:
    branches: [main]

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Validate Dependabot Configuration
        uses: chrisreddington/[email protected]
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

Required Inputs

Input Description Required Default
github-token GitHub token for repository access No Defaults to the automatically generated token. You may override this if you require additional permissions beyond the default token.

Example dependabot.yml

Create a .github/dependabot.yml file in your repository with configurations for your package ecosystems:

version: 2
updates:
  - package-ecosystem: 'npm'
    directory: '/'
    schedule:
      interval: 'weekly'

  - package-ecosystem: 'pip'
    directory: '/'
    schedule:
      interval: 'weekly'

Troubleshooting

The action may fail with the following messages:

  1. No .github/dependabot.yml file found

    • Create a dependabot.yml file in your .github directory
    • Ensure the file has correct YAML syntax

  2. Missing Dependabot configuration for ecosystems: X, Y, Z

    • Add configurations for the listed ecosystems to your dependabot.yml
    • Each ecosystem needs its own update block in the configuration

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

A GitHub Action which reads a repository's dependabot.yml, and compares it with the languages present in the repo to check for any unconfigured supported languages.

Topics

validator dependabot github-actions

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 6

v0.0.6 Latest
Feb 11, 2025
+ 5 releases

Contributors 2

  •  
  •  

Languages