GH200: Dependabot configuration file extension

scientific-python / cookie

Scientific Python Library Development Guide and Cookiecutter

https://learn.scientific-python.org/development

BSD 3-Clause "New" or "Revised" License

292 stars 52 forks source link

GH200: Dependabot configuration file extension #485

Closed angelo-peronio closed 1 month ago

angelo-peronio commented 1 month ago

The repository of the gssfile library fails the GH200 rule "Maintained by Dependabot" because the Dependabot config file is named dependabot.yaml, whereas repo-review expects only dependabot.yml.

Can it be made so that repo-review is satisfied with both .yaml and .yml extensions?

henryiii commented 1 month ago

If it works with both, yes.

henryiii commented 1 month ago

I’m not seeing any mention of the .yaml being supported here: https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide

The last time I see it working for your repo was before https://github.com/angelo-peronio/gsffile/commit/051560ed02da22e24e7eeb7a66e8a9d3b0f61286

angelo-peronio commented 1 month ago

Thank you for looking into this. I was able to run it successfully right now.

angelo-peronio commented 1 month ago

Thank you very much!