-
Notifications
You must be signed in to change notification settings - Fork 4
Enhance Dependabot config for multiple ecosystems #20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,23 @@ | ||||||||||||||||||||||||||||||
| # To get started with Dependabot version updates, you'll need to specify which | ||||||||||||||||||||||||||||||
| # package ecosystems to update and where the package manifests are located. | ||||||||||||||||||||||||||||||
| # Please see the documentation for all configuration options: | ||||||||||||||||||||||||||||||
| # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| version: 2 | ||||||||||||||||||||||||||||||
| updates: | ||||||||||||||||||||||||||||||
| - package-ecosystem: "github-actions" | ||||||||||||||||||||||||||||||
| directory: "/" | ||||||||||||||||||||||||||||||
| schedule: | ||||||||||||||||||||||||||||||
| interval: "daily" | ||||||||||||||||||||||||||||||
| time: "03:00" | ||||||||||||||||||||||||||||||
| - package-ecosystem: "cargo" | ||||||||||||||||||||||||||||||
| directories: | ||||||||||||||||||||||||||||||
| - "/" | ||||||||||||||||||||||||||||||
|
Comment on lines
+14
to
+15
|
||||||||||||||||||||||||||||||
| directories: | |
| - "/" | |
| directory: "/" |
Copilot
AI
Apr 8, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Cargo update config points to the repo root ("/") but this repository’s Cargo workspaces live under src/code-validator/guest/ and src/sandbox/runtime/; there is no Cargo.toml at "/". Dependabot will fail to run for Cargo unless the directory is updated to the actual workspace roots (and typically each workspace root is a separate update entry).
| directories: | |
| - "/" | |
| schedule: | |
| interval: "daily" | |
| time: "03:00" | |
| directory: "/src/code-validator/guest" | |
| schedule: | |
| interval: "daily" | |
| time: "03:00" | |
| - package-ecosystem: "cargo" | |
| directory: "/src/sandbox/runtime" | |
| schedule: | |
| interval: "daily" | |
| time: "03:00" |
Copilot
AI
Apr 8, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The npm update config points to directory: "/src/js-host-api", but there is no src/js-host-api directory in this repo (the root npm manifest is at /package.json, and @hyperlight/js-host-api is referenced as a file:deps/js-host-api dependency). This directory should be updated to the actual location(s) of package.json you want Dependabot to manage (e.g. / and possibly /src/code-validator/guest).
| directory: "/src/js-host-api" | |
| directory: "/" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are trailing spaces after the
updates:anddirectories:keys. YAML will still parse, but trimming avoids noise in future diffs and satisfies whitespace-focused linters/editors.