search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PR's.
https://docs.github.com/en/code-security/dependabot
MIT License
4.51k stars 938 forks source link

support asdf version manager .tool-versions file #1033

Open doughsay opened 5 years ago

doughsay commented 5 years ago

In many of our projects, we use the asdf version manager and the associated .tool-versions file it creates to indicate what versions of languages the project is tested against and known to be working with.

A sample .tool-versions file looks like this:

elixir 1.8.1
erlang 21.2.5

It would be great if dependabot could let us know when new language versions are released and bump the version in this file accordingly.

This can be done using e.g.: asdf list-all elixir and comparing the latest version with the specified version.

This is very similar to other tools such as rbenv or rvm using files like .ruby-version, so it may be possible to implement this in a more generic way, or at least share some behavior if it's desired to do it for other such tools. (Personally, I think asdf solves all other "version manager" concerns and support for the language specific ones is not really on my wishlist.)

greysteil commented 5 years ago

Thanks for the feedback @doughsay. We'd definitely like to support asdf in future. We're focussed on getting support for our current package managers perfect, but I'll add this to the wishlist for when that's done!

pauldps commented 4 years ago

When using .ruby-version or .tool-versions, Gemfile code (which is just plain Ruby) will often do this:

ruby File.read(".tool-versions").match("ruby (.*)\n")[1]

But the above code fails since Dependabot doesn't fetch .tool-versions.

While Dependabot doesn't add official asdf support, could we have a setting to tell FileFetchers about any additional required dependency files? So I could add .tool-versions to the list via configuration if needed, and have a reasonable workaround.

eperdeme commented 2 years ago

Did anybody ever get this working in any hacky or such way ?

maennchen commented 2 years ago

@eperdeme I built a little workaround with GitHub Actions instead of dependabot. (Dependabot would be a lot better though…) https://github.com/jshmrtn/hygeia/blob/main/.github/workflows/part_asdf_update.yml

ericcornelissen commented 1 year ago

I started a GitHub Action to streamline the process of automating .tool-versions versions updates through GitHub Actions over at https://github.com/ericcornelissen/tool-versions-update-action.

It's (very) early days but I would be glad to get some people to try it out and provide feedback :slightly_smiling_face:

Kurt-von-Laven commented 10 months ago

Renovate currently supports bumping these asdf tools with more being added all the time.