Open prma85 opened 4 years ago
feelepxyz
commented
4 years ago @prma85 👋 thanks for the suggestion! We're holding off on supporting aliases until we know what will be supported in GitHub Actions workflow files. We're keen to keep these feature compatible so we can migrate towards actions in future.
amthorn
commented
3 years ago I'd like to request to reopen this one. yaml Aliases would be super useful for dependabot.
tenpaiyomi
commented
2 years ago Voicing my request for this as well. A simple alias can help me clean up 44 duplicate lines of code down into just 4 (plus the original alias block)
TArch64
commented
2 years ago Same here. YAML aliases are super useful
ghost
commented
2 years ago Vote at https://github.com/orgs/community/discussions/37496 (warming up this old issue as this is the first search-result)
jeffwidman
commented
2 years ago Yeah, this should be re-opened, it got missed back when we had stalebot a long time ago.
I'm not sure we'll do it... as noted above, we have some interest in moving to be more compatible with actions workflow files, but in the meantime this should stay open.
jeffwidman
commented
1 year ago If do ever implement this, note the warning from @greysteil:
it's surprisingly tricky to do in Ruby whilst avoiding the potential for DoS attacks from memory leaks.
port19x
commented
11 months ago 
landongrindheim
commented
5 months ago 👋 Still not sure we'll do this, but this feature request deserves some context.
Dependabot has a backend service that parses the dependabot.yml config file and transforms it into a shape that can be used when Dependabot runs its update jobs. We've accrued quite a few ecosystems, which each have unique considerations. This parsing ends up being more complex than we'd like already, and introducing YAML aliases would make it more complex. Given that we have users with hundreds of configurations within a single file, the previously shared warning is a factor as well.
BUT I can share that we're currently running a public beta which introduces multi-directory support. While it may not satisfy the needs for all usecases mentioned in this thread, it should address the case in this issues description. That might look something like 👇 today.
version: 2
updates:
- package-ecosystem: npm
directories:
- "/"
- "/__defaults"
schedule:
interval: daily
allow:
- dependency-type: all
carlincherry
commented
5 months ago Hi all 👋 , Dependabot PM here! Thank you for your suggestions and for contributing to the discussion. At this time, we won't be prioritizing this feature for the following reasons (thank you @landongrindheim for the summary above, to reiterate your comments):
Complexity: Dependabot's backend service parses the dependabot.yml configuration file and transforms it for use in update jobs. Given the diverse ecosystems we support, each with unique considerations, the current parsing process is already quite complex. Introducing YAML aliases further complicates this already difficult process.
Security: Implementing YAML aliases in Ruby presents significant challenges, particularly in avoiding potential DoS attacks due to memory leaks.
However, for some potential solves for issues mentioned in this thread, check out our multi-directory public beta!
We appreciate your understanding and thank you again for your feedback!
lucasfcnunes
commented
2 months ago @prma85
Shouldn't it be something like the following?
# ...
update_configs:
- <<: *DEFAULT
# Also update the defaults
- <<: *DEFAULT
directory: "/__defaults"
As an user, I would like to use YAML aliases to convert long code/configuration that repeats in simple one. Today, if you try to to it, you will get an error
YAML aliases are not supportedI would like to convert