Does dependabot bump dependencies for custom gradle kts files?

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.

https://docs.github.com/en/code-security/dependabot

MIT License

4.61k stars 981 forks source link

Does dependabot bump dependencies for custom gradle kts files? #7345

Open k3vonk opened 1 year ago

k3vonk commented 1 year ago

Is there an existing issue for this?

[X] I have searched the existing issues

Feature description

Hi,

Our team is utilizing dependabot-core to build our own dependabot to bump dependencies within gitlab. We have several kotlin gradle projects that have a mixture of build.gradle.kts files, settings.gradle.kts files, and a custom gradle file to act as a plugin e.g. support-plugin.common.gradle.kts.

I was wondering if the dependabot-core supports bumping dependencies within these custom gradle files.

hfhbd commented 9 months ago

Another common use-cases are precompiled convention plugins which ends with .gradle or gradle.kts: https://docs.gradle.org/current/userguide/custom_plugins.html#sec:precompiled_plugins

mgagliardo91 commented 4 months ago

👍 We have the same issue where we use custom plugins in our buildSrc within the modules of our multi-module project to apply rules (like dependency constraints). Almost all of our actual dependency versions are controlled their to ensure uniformity across each project.

Dependabot doesn't appear to find them, even if we include dependencies in the name