You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This repo holds a reusable workflow for validating Dependabot files in GovPress projects.
It will search the repo for `composer.json` and `package.json` files, and then check there is an entry for each one in the repo's `dependabot.yml`. If there isn't, the workflow will fail.
This should ensure we don't allow our `dependabot.yml` files to fall out of date by not updating them when we add new `composer.json` or `package.json` files to a repo.
You can pass it any `package-ecosystem` (e.g. `composer`), and the corresponding filename for that package manager (e.g. `composer.json`). It will search the repo for any files matching that filename, and then check if the `dependabot.yml` file contains an entry for all found files for that package ecosystem. If it does not, the workflow will fail.
