github-actions jib dependabot maven-jib

GitHub dependabot for a library inside a yml file


Introduction

I'm currently working on a project that automatically containerizes a Java project with JIB.

GitHub project link.

Problem

The JIB library is implicitly used inside the YAML file, like this:

    - name: Build JIB container and publish to GitHub Packages
      run: |
        if [ ! -z "${{ inputs.module }}" ]; then
          MULTI_MODULE_ARGS="-am -pl ${{ inputs.module }}"
        fi

        if [ ! -z "${{ inputs.main-class }}" ]; then
          MAIN_CLASS_ARGS="-Djib.container.mainClass=${{ inputs.main-class }}"
        fi

        mvn package com.google.cloud.tools:jib-maven-plugin:3.2.1:build \
        -Djib.to.image=${{ inputs.REGISTRY }}/${{ steps.downcase.outputs.lowercase }}:${{ inputs.tag-name }} \
        -Djib.to.auth.username=${{ inputs.USERNAME }} \
        -Djib.to.auth.password=${{ inputs.PASSWORD }} $MULTI_MODULE_ARGS $MAIN_CLASS_ARGS
      shell: bash

When a new version of JIB is released, my Dependabot configuration doesn't update the YAML file.

Configuration of Dependabot:

    version: 2
    updates:
      - package-ecosystem: github-actions
        directory: '/'
        schedule:
          interval: weekly

Question

Does someone know how to configure dependabot.yml for an implicitly declared library?
Or how to configure dependabot.yml to automatically create an issue when a new JIB version is released?


Solution

  • You can do it with hiden-dependency-updater

    Example of GitHub Workflow you can use:

    name: Update hidden dependencies
    
    on:
      schedule:
        - cron: '0 0 * * *'
    
    jobs:
      update:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
    
          - uses: MathieuSoysal/hiden-dependency-updater@v1.1.1
            with:
              files: action.yml # List of files to update
              prefix: "com.google.cloud.tools:jib-maven-plugin:" # Prefix before the version, default is: ""
              suffix: ":build ."
              regex: "[0-9.]*"
              selector: "maven"
              github_repository: "GoogleContainerTools/jib"
    
          - name: Create Pull Request
            uses: peter-evans/create-pull-request@v4
            with:
              token: ${{ secrets.GITHUB_TOKEN }} # You need to create your own token with pull request rights
              commit-message: update jib
              title: Update jib
              body: Update jib to reflect release changes
              branch: update-jib
              base: main
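
The prefix / version-regex / suffix matching that the workflow above configures can be sketched as follows; this is an added example, not the code of hiden-dependency-updater or of the original post. The function names, the sample text and the "latest" version `3.10.0` are constructed for illustration, and the latest version is passed in rather than fetched so the sketch runs offline.

```python
import re

# Same idea as the prefix / regex / suffix inputs in the workflow above.
PREFIX = "com.google.cloud.tools:jib-maven-plugin:"
SUFFIX = ":build"
VERSION_RE = r"[0-9]+(?:\.[0-9]+)*"
PIN = re.compile(re.escape(PREFIX) + "(" + VERSION_RE + ")" + re.escape(SUFFIX))


def as_tuple(version):
    """'3.2.1' -> (3, 2, 1), so that 3.10.0 sorts above 3.9.0."""
    return tuple(int(part) for part in version.split("."))


def find_pins(text):
    """Return (line_number, version) for every pinned plugin coordinate."""
    return [(n, m.group(1))
            for n, line in enumerate(text.splitlines(), start=1)
            for m in PIN.finditer(line)]


def bump_pins(text, latest):
    """Rewrite pins older than `latest`, never downgrading.

    Returns (new_text, list_of_versions_that_were_replaced).
    """
    changed = []

    def swap(match):
        current = match.group(1)
        if as_tuple(current) < as_tuple(latest):
            changed.append(current)
            return PREFIX + latest + SUFFIX
        return match.group(0)  # already current or newer: leave untouched

    return PIN.sub(swap, text), changed


# Constructed sample: the run step from the question, shortened.
SAMPLE = """\
    - name: Build JIB container and publish to GitHub Packages
      run: |
        mvn package com.google.cloud.tools:jib-maven-plugin:3.2.1:build \\
        -Djib.to.image=example
      shell: bash
"""

if __name__ == "__main__":
    print(find_pins(SAMPLE))               # where the hidden pin lives
    print(bump_pins(SAMPLE, "3.10.0")[0])  # "3.10.0" is a constructed version
```

The same scan, run without the rewrite step, works as an audit for version pins buried in `run:` blocks that Dependabot's `github-actions` ecosystem does not track.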