Dependabot-core: [feature] Support monitoring of several branches
It would be good if dependabot could support several branches - today it only monitors the default branch.
It's quite common to have a branch per tag for docker images - for instance java8, java11, java12, or several release/* branches.
To avoid scanning all kinds of short-lived branches, you could require a branch regex / set a limit or the likes.
davidkarlsen
All 11 comments
@davidkarlsen we currently support multiple branches but you'll have to add them individually from the dashboard ("add a language / directory"): https://app.dependabot.com
Having to add each branch will get annoying for short lived branches, but I'm curious why you need updates to short lived branches?
feelepxyz
on 9 May 2019
The oppsite: "to avoid scanning all sorts..."
Are you maybe confusing git-branches with directories? I don't see a way to add branches, only add directories.
davidkarlsen
on 9 May 2019
@davidkarlsen - it's the "target branch" under advanced options (unless I'm misunderstanding something):
greysteil
on 9 May 2019
Example:
If I have one git repo, with two branches java8 and java11 with different Dockerfiles - dependabot will only scan one of them - the default branch? Or will it scan all of them, and suggest fixes with PRs towards the given target branch?
davidkarlsen
on 9 May 2019
In that example, if you created two "update configs" (our internal word for them), one for the java8 target branch and one for the java11 target branch then you'd get PRs to both of them.
(Really, the + Add a language / directory button in the dashboard should read + Add a language / directory / branch. I think that's what's causing the confusion here.)
greysteil
on 9 May 2019
Gotcha! Thanks a lot. I'll try this and come back with a new issue if it does not work out - indeed the wording mislead me.
davidkarlsen
on 9 May 2019
Hmm, it seems the manual option in the UI to add branches in the UI disappears when using a .dependabot/config.yaml, is so (still) that:
- multi-branch configuration can only be done through UI
- configuration in general can only be done in UI
- If a .dependabot/config.yaml - the manual configuration done in UI will be removed in favour of the file-based configuration, which is one-branch only (the default).
davidkarlsen
on 30 Apr 2020
@davidkarlsen I haven't tried this yet, but I believe you can add multiple configs to your config.yml file in master.
update_configs:
- package_manager: java
target_branch: java8
- package_manager: java
target_branch: java11
You can probably also have a different config in each branch too
smac89
on 30 Apr 2020
No. Different config in each branch is not picked up. It kind of defeats the purpose of branching to have to define it all in the default branch.
davidkarlsen
on 30 Apr 2020
Unfortunately we don't expect to change Dependabot to support configuration files on multiple branches.
infin8x
on 2 Jul 2020
@infin8x what about target-branch supporting arrays instead of just string?
So we can avoid duplicate code?
- package-ecosystem: npm
directory: "/"
schedule:
interval: weekly
day: saturday
time: "03:00"
timezone: Europe/Paris
open-pull-requests-limit: 10
# Only allow updates to the lockfile
versioning-strategy: lockfile-only
target-branch:
- stable19
- stable18
- stable17
labels:
- 3. to review
- "feature: dependencies"
Shall I open an issue? :)
EDIT: https://github.com/dependabot/dependabot-core/issues/2511
skjnldsv
on 7 Sep 2020
Related issues
christoferolaison
路
3Comments
jbreitbart
路
3Comments
Spomky
路
4Comments
artzag
路
3Comments
v1sion
路
3Comments
Most helpful comment
In that example, if you created two "update configs" (our internal word for them), one for the
java8target branch and one for thejava11target branch then you'd get PRs to both of them.(Really, the
+ Add a language / directorybutton in the dashboard should read+ Add a language / directory / branch. I think that's what's causing the confusion here.)