What's needed?
GitHub has a bug that makes dependabot fail to create pull requests when there is a .gitmodules file (anywhere) in the repository that can't be parsed. As we are using .gitmodules file in the cookiecutter templates, this means this repo is not receiving any dependabot updates.
Proposed solution
Use a toml file to list the submodules that should be added for the projects instead. We are already doing a lot of post-processing to handle the submodules anyway:
https://github.com/frequenz-floss/frequenz-repo-config-python/blob/330bb2d5803e4ef96e8108e72d5d763137a6a913/cookiecutter/hooks/post_gen_project.py#L217-L317
Use cases
No response
Alternatives and workarounds
Use another tool to get dependency updates, like renovate.
Additional context
Here are the relevant parts of my conversation with GitHub support:
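Added example, not part of the issue, the support conversation, or the frequenz-repo-config-python code: one way a post-generation hook could turn a TOML submodule list into validated `git submodule add` invocations. The `[[submodule]]` schema (`path`, `url`, optional `branch`), the sample entries and the function name are assumptions.

```python
"""Hypothetical hook helper: build `git submodule add` calls from a TOML list."""
import re
from pathlib import PurePosixPath

try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:  # older interpreters need the tomli backport
    import tomli as tomllib

# Constructed sample input; table name and keys are an assumed schema.
SAMPLE_TOML = """
[[submodule]]
path = "submodules/api-common"
url = "https://github.com/example-org/api-common.git"

[[submodule]]
path = "submodules/googleapis"
url = "https://github.com/example-org/googleapis.git"
branch = "main"
"""

# Only plain https remotes and simple branch names are accepted.
_URL_RE = re.compile(r"https://[A-Za-z0-9.-]+/[\w./-]+")
_BRANCH_RE = re.compile(r"[A-Za-z0-9_][\w./-]*")


def submodule_commands(toml_text: str) -> list:
    """Return one argv list per entry, raising ValueError on unsafe values."""
    commands = []
    for entry in tomllib.loads(toml_text).get("submodule", []):
        path, url = entry["path"], entry["url"]
        pure = PurePosixPath(path)
        # The path must stay inside the generated project.
        if not pure.parts or pure.is_absolute() or ".." in pure.parts:
            raise ValueError(f"unsafe submodule path: {path!r}")
        if not _URL_RE.fullmatch(url):
            raise ValueError(f"unsupported submodule url: {url!r}")
        argv = ["git", "submodule", "add"]
        branch = entry.get("branch")
        if branch is not None:
            if not _BRANCH_RE.fullmatch(branch):
                raise ValueError(f"invalid branch name: {branch!r}")
            argv += ["-b", branch]
        # "--" stops git from reading the url or path as an option.
        commands.append(argv + ["--", url, path])
    return commands
```

Each returned list can be passed to `subprocess.run(argv, check=True)` from the hook, so no shell is involved.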