marocchino / validate-dependabot

validate dependabot yaml
MIT License

False negative: "Update configs must have a unique combination of 'package-ecosystem', 'directory', and 'target-branch'" #743

Open corneliusroemer opened 4 months ago

corneliusroemer commented 4 months ago

Dependabot validate lets this through:

version: 2
updates:
  - package-ecosystem: docker
    directory: website
    schedule:
      interval: weekly
    groups:
      minorAndPatch:
          update-types:
            - "minor"
            - "patch"
  - package-ecosystem: docker
    directories:
      - website
      - backend
    schedule:
      interval: weekly
    groups:
      minorAndPatch:
          update-types:
            - "minor"
            - "patch"

even though dependabot itself complains with:

Update configs must have a unique combination of 'package-ecosystem', 'directory', and 'target-branch'
bugron commented 2 weeks ago

Hi @corneliusroemer. I've created a CLI (based on this repo) and this issue should be fixed there. The error message might not be super helpful for big dependabot configuration files as currently it doesn't pinpoint exactly where the validation error occurs but at least it catches the error.

Here is a link to the usage, in case you're interested. You can also easily run it in your CI.
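
The uniqueness check discussed in this thread, as an added example (not code from validate-dependabot or from the CLI mentioned above): it expands `directories` alongside `directory` and reports which `updates` entries collide, so the conflict can be located in a large file. The names `findDuplicateUpdates` and `normalizeDir`, the path normalisation, and treating each `directories` item like a `directory` are assumptions.

```javascript
// Input: the dependabot.yml from the issue as a YAML parser would return it
// (constructed inline so the block runs without dependencies; `groups` omitted).
const config = {
  version: 2,
  updates: [
    { "package-ecosystem": "docker", directory: "website",
      schedule: { interval: "weekly" } },
    { "package-ecosystem": "docker", directories: ["website", "backend"],
      schedule: { interval: "weekly" } },
  ],
};

// Assumption: "/website", "website" and "website/" name the same directory.
const normalizeDir = (d) => "/" + String(d).replace(/^\/+|\/+$/g, "");

// Returns one record per (ecosystem, directory, target-branch) combination
// claimed by more than one `updates` entry, with the indexes of those entries.
function findDuplicateUpdates(cfg) {
  const seen = new Map(); // combination key -> indexes of entries claiming it
  (cfg.updates || []).forEach((entry, index) => {
    // Assumption: each item of `directories` counts like a `directory`.
    // Glob patterns in `directories` are compared as literal strings here.
    const dirs = [];
    if (entry.directory !== undefined) dirs.push(entry.directory);
    if (Array.isArray(entry.directories)) dirs.push(...entry.directories);
    const branch = entry["target-branch"] ?? null; // null = default branch
    for (const dir of new Set(dirs.map(normalizeDir))) {
      const key = JSON.stringify([entry["package-ecosystem"], dir, branch]);
      if (!seen.has(key)) seen.set(key, []);
      seen.get(key).push(index);
    }
  });
  return [...seen.entries()]
    .filter(([, indexes]) => indexes.length > 1)
    .map(([key, indexes]) => {
      const [ecosystem, directory, targetBranch] = JSON.parse(key);
      return { ecosystem, directory, targetBranch, entries: indexes };
    });
}

for (const d of findDuplicateUpdates(config)) {
  console.log(`updates[${d.entries.join("], updates[")}] share ` +
    `${d.ecosystem} ${d.directory} (target-branch: ${d.targetBranch ?? "default"})`);
}
```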