
Validate Dependabot Configuration

Validate that dependabot.yml is configured for all supported languages that are present in the repository
v0.0.6

This action validates that your repository has Dependabot configured for most supported package ecosystems (via dependabot.yml) based on the programming languages used in your repository.

What it does

  • Detects programming languages used in your repository
  • Maps languages to their corresponding package ecosystems
  • Validates that your dependabot.yml includes configurations for all relevant package ecosystems
  • Fails if required ecosystems are missing from your Dependabot configuration

Supported Ecosystems

| Package Manager | Languages |
|---|---|
| npm | JavaScript, TypeScript |
| pip | Python |
| maven | Java |
| nuget | C#, F# |
| bundler | Ruby |
| composer | PHP |
| cargo | Rust |
| gomod | Go |
| mix | Elixir |
| gradle | Java, Kotlin |

For Dependabot's own, most up-to-date list of supported ecosystems (which is not necessarily the list this action checks), see the GitHub docs.
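
The check described under "What it does", as an added JavaScript example (not the action's own source): it uses the language-to-ecosystem table above and takes languages in the shape of GitHub's "list repository languages" API response. Treating Java as covered when either maven or gradle is configured, and reading dependabot.yml line by line instead of with a YAML parser, are assumptions of this example.

```javascript
// Added example, not the action's source. Mapping copied from the table above.
const ECOSYSTEMS_BY_LANGUAGE = {
  JavaScript: ['npm'], TypeScript: ['npm'], Python: ['pip'],
  Java: ['maven', 'gradle'], Kotlin: ['gradle'], 'C#': ['nuget'], 'F#': ['nuget'],
  Ruby: ['bundler'], PHP: ['composer'], Rust: ['cargo'], Go: ['gomod'], Elixir: ['mix'],
};

// Collect package-ecosystem values from dependabot.yml text, line by line.
// Entries that are commented out do not count as configured.
function configuredEcosystems(yamlText) {
  const pattern = /^\s*(?:-\s*)?package-ecosystem:\s*['"]?([A-Za-z0-9_-]+)['"]?\s*(?:#.*)?$/;
  const found = new Set();
  for (const line of yamlText.split(/\r?\n/)) {
    const m = pattern.exec(line);
    if (m) found.add(m[1].toLowerCase());
  }
  return found;
}

// languages: { LanguageName: byteCount }. Assumption of this example: a language
// with several candidate ecosystems (Java) passes if any one is configured.
function findCoverageGaps(languages, yamlText) {
  const configured = configuredEcosystems(yamlText);
  const gaps = [];
  for (const language of Object.keys(languages)) {
    const candidates = ECOSYSTEMS_BY_LANGUAGE[language];
    if (!candidates) continue; // no mapped ecosystem (e.g. Shell)
    if (!candidates.some((e) => configured.has(e))) gaps.push({ language, expected: candidates });
  }
  return gaps;
}

// Constructed sample input: pip is commented out, gomod was never added.
const sampleLanguages = { TypeScript: 52000, Python: 8100, Java: 4300, Go: 900, Shell: 120 };
const sampleConfig = `version: 2
updates:
  - package-ecosystem: 'npm'
    directory: '/'
    schedule: { interval: 'weekly' }
  # - package-ecosystem: 'pip'
  - package-ecosystem: "gradle"
    directory: '/'
    schedule: { interval: 'weekly' }
`;

for (const gap of findCoverageGaps(sampleLanguages, sampleConfig)) {
  console.log(`${gap.language}: add one of ${gap.expected.join(', ')}`);
}
```

Run locally before pushing, a non-empty result corresponds to the "Missing Dependabot configuration for ecosystems" failure: dependencies in those languages would receive no automated update pull requests.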

Usage

Add this action to your workflow:

name: Validate Dependabot Config
on:
  pull_request:
  push:
    branches: [main]

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Validate Dependabot Configuration
        uses: chrisreddington/[email protected]
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

Required Inputs

| Input | Description | Required | Default |
|---|---|---|---|
| github-token | GitHub token for repository access | No | Defaults to the automatically generated token. You may override this if you require additional permissions beyond the default token. |

Example dependabot.yml

Create a .github/dependabot.yml file in your repository with configurations for your package ecosystems:

version: 2
updates:
  - package-ecosystem: 'npm'
    directory: '/'
    schedule:
      interval: 'weekly'

  - package-ecosystem: 'pip'
    directory: '/'
    schedule:
      interval: 'weekly'

Troubleshooting

The action may fail with the following messages:

  1. No .github/dependabot.yml file found
    • Create a dependabot.yml file in your .github directory
    • Ensure the file has correct YAML syntax

  2. Missing Dependabot configuration for ecosystems: X, Y, Z
    • Add configurations for the listed ecosystems to your dependabot.yml
    • Each ecosystem needs its own update block in the configuration

License

This project is licensed under the MIT License - see the LICENSE file for details.

Validate Dependabot Configuration is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
