dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Support for helmfile #2126

Open abatilo opened 5 years ago

abatilo commented 5 years ago

https://github.com/roboll/helmfile

Helmfile is an improved way to manage all the helm charts that might be deployed to your Kubernetes cluster.

It would be amazing to have dependabot scrape a helm repository, like the official helm charts repository: https://github.com/helm/charts

Or have it scrape the published helm charts repository: https://kubernetes-charts.storage.googleapis.com/

And then update the versions of charts that are being used.

aegershman commented 5 years ago

+1, helmfile changed my life for the better. Am not a dependabot maintainer at all, but any thoughts on what the UX might look like? Would it directly create a PR to update the version: ~x.y.z. for a chart under a helmfile.yaml's releases: block?

(no expectation of commentary but /cc @mumoshu just for visibility)

abatilo commented 5 years ago

That's exactly how I envisioned it. Additionally, it would be nice if it parsed any possible values.yaml files and bumped things like container tags/versions as well.

mumoshu commented 5 years ago

> Would it directly create a PR to update the version: ~x.y.z. for a chart under a helmfile.yaml's releases: block?

Perhaps it would be even better if dependabot is able to submit another type of PR that, basically, runs helmfile deps to update helmfile.lock so that it includes the latest chart versions referenced from within the releases block of your helmfile.yaml 😃

Let's say you had a version constraint that looks like version: >= 1.0 or version: >= 1.2, < 1.3. Automated updates of chart version constraints in releases help delay opting in to receiving major or minor version updates, while automated updates of helmfile.lock (by running helmfile deps) will help with receiving minor or patch versions only.
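
Added example (not part of the thread, and not Dependabot or helmfile code): the two kinds of update distinguished in the comment above, computed for one release. The version list, `parse_constraint` and `plan_update` are hypothetical, and only comparison operators such as `>=` and `<` are handled, through Ruby's `Gem::Requirement`, not helm's full constraint syntax.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed sample data: chart versions a repository index might publish.
AVAILABLE = %w[1.2.0 1.2.4 1.2.9 1.3.0 2.0.1].freeze

# Turn a constraint string such as ">= 1.2, < 1.3" into a requirement object.
# Raises Gem::Requirement::BadRequirementError on operators it does not know.
def parse_constraint(text)
  Gem::Requirement.new(*text.split(",").map(&:strip))
end

# Decide what an update bot could propose for one release.
#   constraint_text: the `version:` value in helmfile.yaml
#   locked:          the version currently recorded in helmfile.lock
#   available:       versions published by the chart repository
# Returns:
#   lock_refresh:    newest version the existing constraint already allows
#                    (what re-resolving the lock file would pick up), or nil
#   constraint_bump: newest version outside the constraint, which needs an
#                    explicit edit of helmfile.yaml and a human review, or nil
def plan_update(constraint_text, locked, available)
  requirement = parse_constraint(constraint_text)
  current = Gem::Version.new(locked)
  newer = available.map { |v| Gem::Version.new(v) }.select { |v| v > current }.sort

  allowed, blocked = newer.partition { |v| requirement.satisfied_by?(v) }
  { lock_refresh: allowed.last&.to_s, constraint_bump: blocked.last&.to_s }
end

if __FILE__ == $PROGRAM_NAME
  # Bounded range: the lock refresh stays inside 1.2.x.
  p plan_update(">= 1.2, < 1.3", "1.2.4", AVAILABLE)
  # Open-ended range: the lock refresh is allowed to cross a major version.
  p plan_update(">= 1.0", "1.2.9", AVAILABLE)
end
```

With an open-ended constraint nothing is left for a constraint-bump PR, so the lock file diff is the only place a reviewer sees the version change.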

infin8x commented 4 years ago

Duplicate of #2237

lexfrei commented 3 years ago

@infin8x is this actually a dupe of #2237? helmfile is not helm itself.

zunkree commented 3 years ago

@infin8x it is definitely not a dupe of #2237. Helmfile is a different tool and uses a different approach to describe dependencies and versions.

jurre commented 3 years ago

infin8x is no longer on the Dependabot team. Reopening this for tracking purposes, but please note that we do currently have a stop on adding new ecosystems to Dependabot: https://github.com/dependabot/dependabot-core/blob/0352d543c2ed09ed24e42a72d6b0477b23a55dcf/CONTRIBUTING.md#contributing-new-ecosystems

AlaaAttya commented 1 year ago

Hello, any updates for this feature?

jeffwidman commented 1 year ago

No updates right now.

If you want it, please upvote using a 👍 on the first post, see: https://github.com/dependabot/dependabot-core#no-1-comments