This repo contains two scripts that demonstrates Dependabot Core. It is intended to give you a feel for how Dependabot Core works so that you can use it in your own project.
If you're looking for a hosted, feature-rich dependency updater then you probably want Dependabot itself.
bundle install- Many languages require native helpers to be installed. First, export an environment variable that points to the directory into which the helpers should be installed:
export DEPENDABOT_NATIVE_HELPERS_PATH="$(pwd)/native-helpers" - Optional step for some langauges (for other languages no setup is needed):
- JS:
cd "$(bundle show dependabot-npm_and_yarn)" && helpers/build "$DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn" && cd - - Python:
cd "$(bundle show dependabot-python)" && helpers/build "$DEPENDABOT_NATIVE_HELPERS_PATH/python" && cd - - PHP:
cd "$(bundle show dependabot-composer)" && helpers/build "$DEPENDABOT_NATIVE_HELPERS_PATH/composer" && cd - - Elixir:
cd "$(bundle show dependabot-hex)" && helpers/build "$DEPENDABOT_NATIVE_HELPERS_PATH/hex" && cd - - Terraform:
cd "$(bundle show dependabot-terraform)" && helpers/build "$DEPENDABOT_NATIVE_HELPERS_PATH/terraform" && cd -
- JS:
bundle exec irb- Edit the variables at the top of the script you're using, or set the corresponding environment variables.
- Copy and paste the script into the Ruby session to see how Dependabot works.
If you run into any trouble with the above please create an issue!
- Clone or mirror this repository.
- Copy
.gitlab-ci.example.ymlto.gitlab-ci.ymlor set a custom CI config path for direct usage. - Set the required global variables used in
./generic-update-script.rb. - Create a pipeline schedule for each managed repository.
- Set in the schedule the required variables:
PROJECT_PATH:group/repositoryPACKAGE_MANAGER_SET:bundler,composer,npm_and_yarn