search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.74k stars 1.03k forks source link

Support for GitHub releases #1743

Open hendrikhalkow opened 4 years ago

hendrikhalkow commented 4 years ago

In my build script, I'd like to reference a GitHub repository. This reference should be kept up to date by Dependabot. This would allow using Dependabot in a very generic way. I came across this requirement when I created a build script for an OCI image with Node.js. Whenever a new Node.js version is released, I'd like to release an updated version of my image. A solution could look like this:

Dependabot defines a generic reference format, e.g. a file called dependencies.json:

{
  "node": {
    "repo": "nodejs/node",
    "version": "v12.16.1",
    "filter": "^v12\\.\\d+\\.\\d+$"
  }
}

Dependabot can keep this file easily up to date with the latest semantic version while it can also easily be used in a shell script via jq.

platan commented 4 years ago

I just found that Renovate support Github tags/releases as a source (and many other datasources) + has a very universal regex manager which can be used to handle custom file formats. I'm using it in my versions file + configuration. I hope this can help you.

github-actions[bot] commented 2 months ago

👋 This issue has been marked as stale because it has been open for 2 years with no activity. You can comment on the issue to hold stalebot off for a while, or do nothing. If you do nothing, this issue will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details.

lorengordon commented 2 months ago

Not stale