Dependabot for Cake - Preview

Thursday, October 29, 2020

While Dependabot currently has no support for Cake, work towards that has already been started.

Using a GitHub Action, it is now possible to use that work in progress to check Cake scripts for outdated references.

By adding a simple workflow like the following to your .github/workflows folder

name: check and update cake references
on:
  schedule:
    # run every day at 06:00 UTC
    - cron:  '0 6 * * *'

jobs:
  dependabot-cake: # job id, any valid name works
    runs-on: ubuntu-latest # linux, because this is a docker-action
    steps:
      - name: check/update cake dependencies
        uses: nils-org/dependabot-cake-action@v1

the Cake scripts (all files named *.cake) of the project will be checked daily for outdated references (meaning #tool, #addin and #module references, but only if they reference NuGet packages).
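To see which lines of a script fall under that rule, the following added example (not code from the action or from dependabot-core) lists the NuGet references in a Cake script and flags those without a pinned version. It assumes the URI form `nuget:?package=...&version=...`; `CakeRef`, `nuget_references`, `unpinned` and the sample package names are made up for illustration.

```ruby
require "uri"

# Constructed sample script; the package names are made up.
SAMPLE = <<~'CAKE'
  #addin nuget:?package=Cake.Example.Addin&version=1.2.0
  #tool "nuget:?package=Example.Tool"
  #module nuget:?package=Cake.Example.Module&version=0.4.0
  #tool dotnet:?package=Example.GlobalTool&version=3.0.0
  // #addin nuget:?package=Commented.Out&version=9.9.9
  #load "./helpers.cake"
  Task("Default");
CAKE

# Only the three directives named in the text; #load, #r etc. are ignored.
DIRECTIVE = /\A\s*#(tool|addin|module)\s+"?([^"\s]+)"?/
CakeRef = Struct.new(:file, :line, :directive, :package, :version)

# Returns the NuGet references found in the text of one Cake script.
# References with another scheme (e.g. dotnet:) are skipped, following the
# "only if they reference NuGet packages" rule.
def nuget_references(text, file = "build.cake")
  text.each_line.with_index(1).map do |line, number|
    match = DIRECTIVE.match(line)
    next unless match
    directive, uri = match.captures
    scheme, rest = uri.split(":", 2)
    next unless scheme.casecmp?("nuget") && rest
    # Everything after the first "?" is a query string: package=...&version=...
    params = URI.decode_www_form(rest[/\?(.*)\z/, 1].to_s).to_h
    next unless params["package"]
    CakeRef.new(file, number, directive, params["package"], params["version"])
  end.compact
end

# References without a version resolve to whatever the feed currently serves.
def unpinned(refs)
  refs.select { |ref| ref.version.nil? || ref.version.empty? }
end

if __FILE__ == $PROGRAM_NAME
  nuget_references(SAMPLE).each do |r|
    puts "#{r.file}:#{r.line} ##{r.directive} #{r.package} #{r.version || '(no version)'}"
  end
end
```
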

The action (or rather the Dependabot code running inside the action) will create pull requests for all outdated references.

A created PR for cake.recipe

While the created PRs will look somewhat like "real" Dependabot pull requests, they will have some differences:

  • They will not be from the Dependabot user, but rather from the workflow running the action.
  • They will not have the Dependabot interaction capabilities (e.g. @dependabot rebase).
  • They will not auto-rebase on pushes to the destination of the pull request.

There are some configuration options; check the README for details.

Technical Background

  • The workflow, as shown above, uses nils-org/dependabot-cake-action, a GitHub Action.

  • The GitHub Action uses a specially prepared Docker image to create a container and wraps the configuration options of that container.

  • The Docker container contains (among other things) the code from pharos/dependabot-core, which is the basis for the pull request to enable Cake scripts in Dependabot.

    Using this code, the container will invoke a simple script that mimics all the steps Dependabot normally performs, but hard-coded for Cake scripts.