cmousset

Reputation: 795

Enable GitHub Dependabot Updates for actions used in Composite actions

I have a GitHub repository which hosts GitHub Actions logic shared among other GitHub repositories. The file structure is:

.github
|_ .workflows
  |_ shared-workflow-1
     |_ ...
  |_ shared-workflow-2
     |_ ...
|_ custom-action-1
     |_ action.yaml
|_ custom-action-2
     |_ action.yaml

(Note that the workflows HAD to be declared in .github/workflows because of GitHub constraints, but the custom actions can be declared at repository root level, and can thus simply be called with my-github-logic-repo@custom-action1@main.)

My custom-action-* actions are composite actions, which rely themselves on GitHub actions from the marketplace, which I would like to be automatically updated by Dependabot.

I have enabled Dependabot on the repository with the following .github/dependabot.yml:

version: 2

updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

But the issue is that Dependabot only opens Pull Requests to update actions inside the workflows, and it completely ignores the actions inside my own custom composite actions.

Is there a way to make Dependabot look at my custom actions when checking for updates, or is it plain not supported at the moment?

Upvotes: 3

Views: 1563

Answers (1)

Benjamin W.

Reputation: 52102

According to this Dependabot issue, composite actions are supported.

Using the directories setting introduced in April 2024, you could do something like

  - package-ecosystem: github-actions
    directories:
      - /  # Still required to update workflows
      - /custom-action-1
      - /custom-action-2
    schedule:
      interval: weekly

This was also possible before directories, but required multiple entries:

  - package-ecosystem: github-actions
    directory: /  # Still required to update workflows
    schedule:
      interval: weekly

  - package-ecosystem: github-actions
    directory: /custom-action-1
    schedule:
      interval: weekly

  - package-ecosystem: github-actions
    directory: /custom-action-2
    schedule:
      interval: weekly

Upvotes: 3
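
A way to keep that directory list from drifting as composite actions are added: the script below (an added example, not part of the answer or of Dependabot) walks a checkout, finds every directory holding an action.yml or action.yaml, reports the ones missing from a configured list, and renders the corresponding `directories` entry. The function names are hypothetical, the sample tree is constructed to mirror the question's layout, and configured entries are assumed to be literal paths.

```python
import os
import tempfile

ACTION_FILES = {"action.yml", "action.yaml"}  # action metadata file names
SKIP_DIRS = {".git", "node_modules"}

def _norm(path):
    """Normalise to the leading-slash, no-trailing-slash form used in the answer."""
    return "/" + path.replace(os.sep, "/").strip("/")

def find_action_dirs(root):
    """Repo-relative directories that hold an action.yml or action.yaml."""
    found = []
    for current, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if d not in SKIP_DIRS]
        if ACTION_FILES & set(files):
            rel = os.path.relpath(current, root)
            found.append("/" if rel == "." else _norm(rel))
    return sorted(found)

def uncovered(root, configured):
    """Action directories missing from the configured directory list."""
    listed = {_norm(d) for d in configured}
    return [d for d in find_action_dirs(root) if d not in listed]

def render_entry(root, interval="weekly"):
    """Build the github-actions update entry; "/" is kept for the workflows."""
    dirs = ["/"] + [d for d in find_action_dirs(root) if d != "/"]
    lines = ["  - package-ecosystem: github-actions", "    directories:"]
    lines += [f"      - {d}" for d in dirs]
    lines += ["    schedule:", f"      interval: {interval}"]
    return "\n".join(lines)

def build_sample_repo(root):
    """Constructed tree mirroring the layout described in the question."""
    for rel in (".github/workflows/shared-workflow-1.yml",
                "custom-action-1/action.yaml",
                "custom-action-2/action.yaml"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as repo:
        build_sample_repo(repo)
        print("not covered by directory '/':", uncovered(repo, ["/"]))
        print(render_entry(repo))
```

Run in CI against the real checkout, a non-empty result from `uncovered` flags a composite action whose pinned dependencies would otherwise never receive update pull requests.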
