GitHub: Script to Add dependabot.yml to a List of Repos | josh-ops

[utterances-bot]

GitHub: Script to Add dependabot.yml to a List of Repos | josh-ops

Add the dependabot.yml file programmatically to a list of GitHub repositories

https://josh-ops.com/posts/github-script-to-add-dependabot-file/

[ruzickap]

Thanks for a nice and easy solution... If you need something more "powerful" for updating multiple repos - you can use this tool: https://github.com/lindell/multi-gitter/

[joshjohanning]

Thanks for a nice and easy solution... If you need something more "powerful" for updating multiple repos - you can use this tool: https://github.com/lindell/multi-gitter/

Woah @ruzickap that's a neat app, thanks for sharing 🎉! This accomplishes everything I'd ever want to do with my script, including creating the pull request for us and even providing commands to track whether that PR has been merged or not.

For myself for later, sharing some of my run tests:

# add to a single repository
multi-gitter run ./gitter-add-dependabot-file.sh -R joshjohanning-org/dependabot-yml-gitter -m "adding dependabot.yml"

# add using a repo search filter
multi-gitter run ./gitter-add-dependabot-file.sh --repo-search "org:joshjohanning-org topic:gitter" -m "adding dependabot.yml"

# add to entire org
multi-gitter run ./gitter-add-dependabot-file.sh -O joshjohanning-org-m "adding dependabot.yml"

# adding/customizing the pull request body
export PR_BODY=$'Adding a `dependabot.yml` file to the repo\n\nPlease review for accuracy and merge when ready!'
multi-gitter run ./gitter-add-dependabot-file.sh --repo-search "org:joshjohanning-org topic:gitter" -m "adding dependabot.yml" --pr-body "$PR_BODY"

# get status of the created pull requests
multi-gitter status --repo-search "org:joshjohanning-org topic:gitter"

# closing (not merging) the pull requests
multi-gitter close --repo-search "org:joshjohanning-org topic:gitter"

# merge in the pull requests
multi-gitter merge --repo-search "org:joshjohanning-org topic:gitter"

[!WARNING] add in -d to run a dry-run (see which repos it would be changing first!)

And my ./gitter-add-dependabot-file.sh run script:

#!/bin/bash

# Relative path to the file to be replaced
FILE="./.github/dependabot.yml"

# Full path to the file to copy in
REPLACE_WITH_FILE=~/Repos/github-misc-scripts/scripts/dependabot.yml

if [ -f "$FILE" ]; then
  echo "File $FILE exists."
else
  echo "File $FILE does not exist. Creating..."
  mkdir -p ./.github
  cp $REPLACE_WITH_FILE $FILE
  echo "File $FILE created."
fi

---

Edit

Here is a slightly more complex ./gitter-add-dependabot-file.sh run script that creates a dependabot.yml if it doesn't exist, but if it does exist, only check to see if there is a package-ecosystem: github-actions section and if not, add it 😄

Expand to see code!

Prerequisites: `yq` installed (tested with `yq` v4.41.1) ```sh #!/bin/bash # Relative path to the file to be replaced FILE="./.github/dependabot.yml" # Full path to the file to copy in REPLACE_WITH_FILE=~/Repos/github-misc-scripts/scripts/dependabot.yml # Check if the file exists if [ -f "$FILE" ]; then echo "File $FILE exists." # Check if "package-ecosystem: github-actions" exists in the file if [[ $(yq e '[.updates[] | select(.package-ecosystem == "github-actions")] | length' $FILE) -gt 0 ]]; then echo '"package-ecosystem: github-actions" exists in the file.' else echo '"package-ecosystem: github-actions" does not exist in the file.' yq e '.updates += [{"package-ecosystem": "github-actions", "directory": "/", "schedule": {"interval": "daily"}}]' -i $FILE echo '"package-ecosystem: github-actions" added to the file.' fi else echo "File $FILE does not exist. Creating..." mkdir -p ./.github # Create the file with initial content yq e '.version = "2"' - | \ yq e '.updates = [{"package-ecosystem": "github-actions", "directory": "/", "schedule": {"interval": "daily"}}]' - > "$FILE" echo "File $FILE created." fi ```