
Introduction

I'm currently working on a project that automatically containerizes a Java project with JIB.

GitHub project link.

Problem

The JIB library is implicitly used inside the YAML file, like this:

    - name: Build JIB container and publish to GitHub Packages
      run: |
        if [ ! -z "${{ inputs.module }}" ]; then
          MULTI_MODULE_ARGS="-am -pl ${{ inputs.module }}"
        fi

        if [ ! -z "${{ inputs.main-class }}" ]; then
          MAIN_CLASS_ARGS="-Djib.container.mainClass=${{ inputs.main-class }}"
        fi

        mvn package com.google.cloud.tools:jib-maven-plugin:3.2.1:build \
        -Djib.to.image=${{ inputs.REGISTRY }}/${{ steps.downcase.outputs.lowercase }}:${{ inputs.tag-name }} \
        -Djib.to.auth.username=${{ inputs.USERNAME }} \
        -Djib.to.auth.password=${{ inputs.PASSWORD }} $MULTI_MODULE_ARGS $MAIN_CLASS_ARGS
      shell: bash

When a new version of JIB is released, my Dependabot configuration doesn't update the YAML file.

Dependabot configuration:

version: 2
updates:
  - package-ecosystem: github-actions
    directory: '/'
    schedule:
      interval: weekly

Question

Does someone know how to configure dependabot.yml for an implicitly declared library?
Or how to configure Dependabot.yml to automatically create an issue when a new JIB version is released?

ThrowsError

2 Answers

You can do it with hiden-dependency-updater

Example of GitHub Workflow you can use:

name: Update hidden dependencies

on:
  schedule:
    - cron: '0 0 * * *'

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - uses: MathieuSoysal/hiden-dependency-updater@v1.1.1
        with:
          files: action.yml # List of files to update
          prefix: "com.google.cloud.tools:jib-maven-plugin:" # Prefix before the version, default is: ""
          suffix: ":build ."
          regex: "[0-9.]*"
          selector: "maven"
          github_repository: "GoogleContainerTools/jib"

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }} # You need to create your own token with pull request rights
          commit-message: update jib
          title: Update jib
          body: Update jib to reflect release changes
          branch: update-jib
          base: main
Rasbypy
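
The prefix/version/suffix matching configured in the workflow above can be sketched as follows. This is an added example, not code from the original posts or from hiden-dependency-updater; the function names, the abridged sample file and the version pattern are assumptions, and the target version is passed in by the caller rather than fetched from GitHub.

```python
import re

# Constructed sample: the run step from the question's action.yml, abridged.
ACTION_YML = '''\
    - name: Build JIB container and publish to GitHub Packages
      run: |
        mvn package com.google.cloud.tools:jib-maven-plugin:3.2.1:build \\
        -Djib.to.image=${{ inputs.REGISTRY }}/image:${{ inputs.tag-name }}
      shell: bash
'''
PREFIX = "com.google.cloud.tools:jib-maven-plugin:"
SUFFIX = ":build"
VERSION_RE = r"[0-9]+(?:\.[0-9]+)*"  # assumption: plain dotted numeric versions


def version_key(version):
    """Turn '3.2.1' into (3, 2, 1) so 3.10.0 sorts after 3.9.0."""
    return tuple(int(part) for part in version.split("."))


def _pin_pattern(prefix, suffix):
    # Prefix and suffix are literals; only the version part is a regex group.
    return re.compile(re.escape(prefix) + "(" + VERSION_RE + ")" + re.escape(suffix))


def find_pins(text, prefix=PREFIX, suffix=SUFFIX):
    """Return every version pinned between prefix and suffix."""
    return [m.group(1) for m in _pin_pattern(prefix, suffix).finditer(text)]


def bump_pins(text, latest, prefix=PREFIX, suffix=SUFFIX):
    """Rewrite pins older than `latest`; return (new_text, [(old, new), ...])."""
    # The upstream version string ends up inside a shell command, so reject
    # anything that is not a plain version before writing it to the file.
    if not re.fullmatch(VERSION_RE, latest):
        raise ValueError(f"refusing suspicious version string: {latest!r}")
    changes = []

    def replace(match):
        current = match.group(1)
        if version_key(current) >= version_key(latest):
            return match.group(0)  # never downgrade an existing pin
        changes.append((current, latest))
        return prefix + latest + suffix

    return _pin_pattern(prefix, suffix).sub(replace, text), changes
```

An empty change list means the file is already current, so the pull-request step can be skipped.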

From the doc:

The directory must be set to "/" to check for workflow files in .github/workflows.

  - package-ecosystem: "github-actions"
    # Workflow files stored in the
    # default location of `.github/workflows`
    directory: "/"
    schedule:
      interval: "daily"

So: try specifying a different directory, for example:

  - package-ecosystem: "github-actions"
    # Workflow files stored in the
    directory: "."
    schedule:
      interval: "daily"
Matteo
  • Thank you for your suggestion! I tried it, but it didn't work: https://github.com/MathieuSoysal/jib-container-publish.yml/commit/9ffac1db7ada2c7cb90f3625748c5300374b8885 Do you know what? Or do you have another suggestion? – ThrowsError Sep 28 '22 at 12:09
  • Double check if you see a `dependabot` section at this URL: https://github.com/MathieuSoysal/jib-container-publish.yml/network/updates – Matteo Sep 28 '22 at 12:29
  • I checked again, and I forced the Dependabot checking. But the dependabot doesn't update the Maven library inside the actions.yml. – ThrowsError Sep 28 '22 at 18:58