Dependabot-core: Timeline for availability on Github Enterprise?

We're definitely planning to support GitHub Enterprise, but I don't know timelines yet. I'll report back here when I do.

@greysteil what about the availability in private repos of an organization account?

That should already be working, unless I’m missing something about your question?

That should already be working, unless I’m missing something about your question?

We @digitaz don't see dependabot opening pull requests in our repos. Is there anything that we should do to enable it? (we have config files already)

ps: sorry @montrealist, for hijacking the thread.

Have you installed Dependabot Preview on those repos (from the marketplace)?

One day, either Dependabot will be available for self-hosting within our corporate GHE, or our corporate GHE will bridge to allow for Dependabot to be used against our internal repos. And when that day comes, I'm going to use the ability to leverage custom private repositories to update our corporate projects' pom.xml dependencies... and life is going to be good. I know it. I can feel it in my bones. And if not we're going to lose our collective corporate minds 😉 😬

Am looking forward to seeing if self-hosted GHE becomes a reality, but that's out of my control. In the mean time keep up the great work.

Is there an update on this front?

I am also curious to know what pricing will be applied.

Not a major one. We're planning to have GHE support by May 2020, but can't commit to that timeline yet. I can't provide any info on pricing yet.

@greysteil - did you mean May 2020 by chance?

Oops, yes! Updated.

What's the timeline for getting Dependabot for GHES?

It's reliant on Actions coming to GHES. Should be ~August. 🤞 🤞

Just checking to see if we're still on target for ~August. :D

It's the end of July, any update on this?
This GHE means cloud-hosted or self-hosted?
@greysteil

The team got pulled onto some other things, but this is now on the GitHub public roadmap, targeting January to March.

Github actions are now in beta on GHES. Is there any update on how to run this in enterprise yet?

Not beyond it still being on the public roadmap for Jan-March next year :-)

Just putting this here so others can also track it: github/roadmap#86 and github/roadmap#58

For the record, the two roadmap items referenced by @KaiSforza are now placed in "Q3/21" (for beta) and unspecified "Future" (for ga), unfortunately.

😞 🐼 thanks for clarifying this. I've sort of given up :)

😞 🐼 thanks for clarifying this. I've sort of given up :)

You're able to run dependabot in a docker image and point it to your GHE. We do this and it works great. Example https://github.com/dependabot/dependabot-script

I ran into some issues last time I used that script, where it would not check for open issues already and would open new ones the nest time it ran. This is one of the things heavily pushing me to gitlab instead. There is an actual gitlab dependabot service you can use very easily that does check for already opened issues.

https://gitlab.com/dependabot-gitlab/dependabot

😞 🐼 thanks for clarifying this. I've sort of given up :)

You're able to run dependabot in a docker image and point it to your GHE. We do this and it works great. Example https://github.com/dependabot/dependabot-script

Agreed, I should've said that I did do that, and got the docker version to work on my GHE, many thanks to those who have worked on it. I just wish I could orchestrate it all within GHE, because I am engineering lazy.

You're able to run dependabot in a docker image and point it to your GHE. We do this and it works great. Example https://github.com/dependabot/dependabot-script

Please correct me if I am wrong, but you'd need a Docker container per repository?

@jimmybrancaccio No, you can use the dependabot-script docker image and then pass in the configuration with environment variables.

You would need a separate container, iirc, though they can use the same image.

@busches Ah right, I think I was thinking the container ran 24/7, but you basically just run it whenever you want it to check for updates.