Problem: Dependabot configuration files are hard to maintain in a monorepo. It can't auto discover the different package ecosystems in the monorepo. Solution: A tool that can auto generate dependabot configuration files based on the package ecosystems in the monorepo.
- Generate dependabot configuration files based on the package ecosystems
- Detect package ecosystems based on the files in the monorepo
- Have a configuration file to specify extra rules
- [~] Have default rules for common package ecosystems
Just run the monorepo-dependabot-config . command in the root of your monorepo.
It will generate a dependabot configuration file based on the package ecosystems it finds in the monorepo.
You can also run this in CI to validate no package/project is left behind.
Install from crates.io
cargo install monorepo-dependabot-configBuild from source
After cloning the repository run:
cargo run- Generate a config file for a new repository
monorepo-dependabot-config --enable-default-rules .
Will generate all the possible dependabot rules it can find.
- Configure specific rules
monorepo-dependabot-config --extra-configuration-file=extra-config.yml .
where the configuration is
# extra-config.yml
generators:
- detector:
type: DIRECOTRY_HAS_FILE_FILE_MATCHING
config:
regex: ".*.tf"
generated_block:
package-ecosystem: terraform
schedule:
interval: daily
- detector:
type: DIRECOTRY_HAS_FILE_FILE_MATCHING
config:
regex: ".*.hcl"
generated_block:
package-ecosystem: terraform
schedule:
interval: dailyWe could also have some detectors detectors:
generators:
- detector:
type: HAS_FILE
config:
file_names:
match_type: ALL | ANY
generators:
- detector:
type: HAS_FILE_WITH_CONTENT_MATCHING
config:
regex: "a-regex"
The config file could have
generate:
- detector:
direcotry-has-file-file-matching:
regex: "aaa"
generated_block:
TBD