search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.55k stars 954 forks source link

dependabot.yml contained invalid details on only one pr with the same .yml as the others and no changes #9806

Open Liquidmasl opened 2 months ago

Liquidmasl commented 2 months ago

Is there an existing issue for this?

Package ecosystem

docker, pip, actions

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2

updates:

  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    # Workflow files stored in the default location of `.github/workflows`. (You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.)
    directory: "/"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: [ "version-update:semver-patch" ]

  - package-ecosystem: "pip"
    directory:
      - "processing/intern_depend/cirq_logger"
      - "processing/intern_depend/config_loader"
      - "processing/intern_depend/flasker"
      - "processing/intern_depend/pointqloud"
      - "processing/intern_depend"
      - "processing/containers/exporter"
      - "processing/containers/preprocessor"
      - "processing/containers/segmentor"
      - "processing/containers/separator"
      - "processing/containers/vectoriser"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: [ "version-update:semver-patch" ]
    groups:
      patches:
        applies-to: version-updates
        patterns:
          - "*"
        update-types:
          - "patch"

      minor:
        applies-to: version-updates
        patterns:
          - "*"
        update-types:
          - "minor"

  - package-ecosystem: "docker"
    directory:
      - "processing/intern_depend"
      - "processing/containers/exporter"
      - "processing/containers/preprocessor"
      - "processing/containers/segmentor"
      - "processing/containers/separator"
      - "processing/containers/vectoriser"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: [ "version-update:semver-patch" ]

Updated dependency

No response

What you expected to see, versus what you actually saw

I would like the PR to clear, but i get:

Your .github/dependabot.yml contained invalid details Dependabot encountered the following error when parsing your .github/dependabot.yml:

The property '#/updates/1/directory' of type array did not match the following type: string The property '#/updates/2/directory' of type array did not match the following type: string Please update the config file to conform with Dependabot's specification.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

because its a private company repo and this is company time i can neither provide a minimal manifest (time) not the full diff of the PR.

But i can show this

image

There was no change on the dependabot.yml and it worked fine before, also there are mutliple other PRs open with the same exact yml and they also work fine.

rerunning the github action leads to the same result

Smallest manifest that reproduces the issue

No response

abhisheksr01 commented 1 month ago

One reason could be multiple directories in a single ecosystem is not supported at the moment unless you have opted for beta . As mentioned in the Issue and Bug here: Issue: https://github.com/dependabot/dependabot-core/issues/2178 bug: https://github.com/dependabot/dependabot-core/issues/9664