search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.65k stars 1k forks source link

[Github Actions] Allow discovery of workflows from other keys besides `uses` #6897

Open yeikel opened 1 year ago

yeikel commented 1 year ago

Is there an existing issue for this?

Feature description

Normally, dependabot detects workflows from the uses key within a workflow

In our use case, we're defining and passing workflows as arguments to other workflows. I'd like to receive upgrades for them as well


test:
    name: 🔮 Test
    uses: org/.github/.github/workflows/update-checker.yml@sha
    with:
      workflow_version: |
        org/repo/.github/workflows/checker.yml@hash
        org/repo/.github/workflows/other.yml@hash
PKhamorn302531 commented 1 year ago

Is there an existing issue for this?

  • [X] I have searched the existing issues

Feature description

Normally, dependabot detects workflows from the uses key within a workflow

In our use case, we're defining and passing workflows as arguments to other workflows. I'd like to receive upgrades for them as well


test:
    name: 🔮 Test
    uses: org/.github/.github/workflows/update-checker.yml@sha
    with:
      workflow_version: |
        org/repo/.github/workflows/checker.yml@hash
        org/repo/.github/workflows/other.yml@hash