Dependency ecosystems not correctly detected #29
Labels
bug
Something isn't working
keep
do not mark as stale
ready-for-work
Issue is defined enough to begin implementation
Comments
zkoppert
added
bug
|
This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days. |
|
For this maybe its better to temporarily clone the repository and do file search for project files? I feel like rate limits would be spent quickly otherwise. |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The logic to detect whether to configure package updates for most ecosystems, except for GitHub Actions and Terraform only appears to consider files in the root of the repository.
I found this after testing the action out on a .NET repository where the
.csprojfiles are in subdirectories within the repository. The action generated adependabot.ymlfile that only specified GitHub Actions updates.Each file tested for should recurse through the repository to try and files (maybe within a configurable depth limit to reduce impact on rate limits) so that the generated file is a more accurate reflection of what should be configured.
The text was updated successfully, but these errors were encountered: