pdm-project / pdm

A modern Python package and dependency manager supporting the latest PEP standards
https://pdm-project.org
MIT License

Add pdm parse to dependabot #978

Closed abersheeran closed 1 year ago

abersheeran commented 2 years ago

Describe the solution you'd like

https://github.com/dependabot/dependabot-core/tree/main/python/lib/dependabot/python/file_parser

frostming commented 2 years ago

Unfortunately dependabot has stopped accepting new ecosystems.

But we can make a dedicated github action from a fork of dependabot-core, like dependabot-lein-runner.

Thanks for the info

Secrus commented 2 years ago

I recently stumbled upon this article: https://www.oddbird.net/2022/06/01/dependabot-single-pull-request/. Maybe this is something to consider for PDM? I would be glad to try my hand at implementing that. What do you think @frostming?

frostming commented 2 years ago

> I recently stumbled upon this article: https://www.oddbird.net/2022/06/01/dependabot-single-pull-request/. Maybe this is something to consider for PDM? I would be glad to try my hand at implementing that. What do you think @frostming?

Thank you, just go for it.

zanieb commented 2 years ago

Hm, they do say

> If you are an ecosystem maintainer and are interested in integrating with Dependabot, and are willing to help provide the expertise necessary to build and support it, please open an issue and let us know.

You may be able to get them interested if you have the time to coordinate with them.

sanmai-NL commented 1 year ago

It'd be good to take into account other platforms than GitHub. For example, GitLab integrates with Dependabot in its own way and I know a lot of Python products are hosted on GitLab instances, for one because of their Package Registry. If coordinating with the Dependabot dev team helps with that, over building some alternative integration, then I'm all for it.

ivarnakken commented 1 year ago

@frostming Do you have plans on coordinating with the dependabot team any time soon? Having dependabot is important at our end, and is a bottleneck in our transition to PDM ❤️

sanmai-NL commented 1 year ago

I use Renovate instead. But that doesn't support PDM either.

sanmai-NL commented 1 year ago

Their contribution guidelines: Adding a package manager.

frostming commented 1 year ago

> @frostming Do you have plans on coordinating with the dependabot team any time soon? Having dependabot is important at our end, and is a bottleneck in our transition to PDM ❤️

I have no such plan myself. Volunteers can take on this task. If you need an auto-updater we have https://github.com/pdm-project/update-deps-action

carstencodes commented 7 months ago

According to the latest documentation, renovatebot has support for PEP621 managers and PDM is one of them.