Skip to content

Dependency ecosystems not correctly detected #29

Open
@martincostello

Description

@martincostello

The logic to detect whether to configure package updates for most ecosystems, except for GitHub Actions and Terraform only appears to consider files in the root of the repository.

I found this after testing the action out on a .NET repository where the .csproj files are in subdirectories within the repository. The action generated a dependabot.yml file that only specified GitHub Actions updates.

Each file tested for should recurse through the repository to try and files (maybe within a configurable depth limit to reduce impact on rate limits) so that the generated file is a more accurate reflection of what should be configured.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingkeepdo not mark as staleready-for-workIssue is defined enough to begin implementation

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions