While Dependabot currently has no support for Cake, work towards that has already been started.
Using a GitHub Action it is now possible to utilize that work-in-progress to check Cake scripts for outdated references.
By adding a simple workflow like the following to your .github/workflows folder
name: check and update cake references
on:
schedule:
# run everyday at 06:00
- cron: '0 6 * * *'
jobs:
dependabot-cake:
runs-on: ubuntu-latest # linux, because this is a docker-action
steps:
- name: check/update cake dependencies
uses: nils-org/dependabot-cake-action@v1
the Cake scripts (all files named *.cake) of the project will be checked daily for outdated references (Meaning #tool, #addin and #module references - but only if they are referencing nuget packages).
The action (or rather the Dependabot code running inside the action) will create pull requests for all outdated references.
While the created PRs will look somewhat like "real" Dependabot pull requests, they will have some differences:
- They will not be from the Dependabot user, but rather from the workflow running the action.
- They will not have the Dependabot interaction capabilities (e.g.
@dependabot rebase). - They will not auto-rebase on pushes to the destination of the pull request.
There are some configuration options: Check the README for details.
Technical Background
The workflow, as shown above uses nils-org/dependabot-cake-action - a GitHub Action.
The GitHub Action uses a specially prepared Docker image to create a container and wraps the configuration options of that container.
The Docker container contains (among others) the code from pharos/dependabot-core which is the basis for the pull request to enable Cake scripts in Dependabot.
Using this code, the container will invoke a simple script that mimics all steps Dependabot normally invokes but hard-coded for Cake scripts.
