fix(dependabot): specify directory for Dockerfile #19

Merged
JonZeolla merged 1 commit into main from fix-docker-maintenance
Jul 8, 2025

@JonZeolla JonZeolla commented Jul 8, 2025

Contributor Comments

This fixes the Dependabot Dockerfile scan logic in the root project. Previously it was having an issue finding the Dockerfile:

[Image: Screenshot 2025-07-08 at 10 41 00 AM]

Since the Dockerfile is inside a template dir and contains Jinja2, it's possible we will need to turn this off (due to containing placeholders like ARG PYTHON_VERSION={{ cookiecutter.python_version }}) but I'd like to see if it works before I do that.

Here is an example run that failed.

More details
2025/07/07 09:08:43 INFO <job_1048179690> Job definition: {"job":{"allowed-updates":[{"dependency-type":"direct","update-type":"all"}],"commit-message-options":{"prefix":"build","prefix-development":null,"include-scope":true},"credentials-metadata":[{"type":"git_source","host":"github.com"}],"debug":null,"dependencies":null,"dependency-groups":[],"dependency-group-to-refresh":null,"existing-pull-requests":[],"existing-group-pull-requests":[],"experiments":{"record-ecosystem-versions":true,"record-update-job-unknown-error":true,"proxy-cached":true,"move-job-token":true,"dependency-change-validation":true,"nuget-install-dotnet-sdks":true,"nuget-native-analysis":true,"nuget-native-updater":true,"nuget-use-direct-discovery":true,"enable-file-parser-python-local":true,"npm-fallback-version-above-v6":true,"lead-security-dependency":true,"enable-record-ecosystem-meta":true,"enable-corepack-for-npm-and-yarn":true,"enable-shared-helpers-command-timeout":true,"enable-dependabot-setting-up-cronjob":true,"enable-engine-version-detection":true,"avoid-duplicate-updates-package-json":true,"allow-refresh-for-existing-pr-dependencies":true,"allow-refresh-group-with-all-dependencies":true,"exclude-local-composer-packages":true,"enable-enhanced-error-details-for-updater":true,"enable-cooldown-for-python":true,"enable-cooldown-for-uv":true,"enable-cooldown-for-npm-and-yarn":true,"enable-cooldown-for-bun":true,"enable-cooldown-for-bundler":true,"enable-cooldown-for-cargo":true,"enable-cooldown-for-maven":true,"enable-cooldown-for-gomodules":true,"enable-cooldown-metrics-collection":true,"enable-cooldown-for-composer":true,"enable-cooldown-for-gradle":true,"enable-cooldown-for-pub":true,"enable-cooldown-for-gitsubmodules":true,"enable-cooldown-for-elm":true,"gradle-lockfile-updater":true,"enable-cooldown-for-github-actions":true,"enable-cooldown-for-dev-containers":true,"enable-cooldown-for-hex":true,"enable-cooldown-for-dotnet-sdk":true},"ignore-conditions":[],"lockfile-only":false,"max-updater-run-time":2700,"package-manager":"docker","proxy-log-response-body-on-auth-failure":true,"requirements-update-strategy":null,"reject-external-code":false,"security-advisories":[],"security-updates-only":false,"source":{"provider":"github","repo":"Zenable-io/ai-native-python","branch":null,"directory":"/.","api-endpoint":"https://api.github.com/","hostname":"github.com"},"updating-a-pull-request":false,"update-subdependencies":false,"vendor-dependencies":false,"enable-beta-ecosystems":false,"repo-private":false,"multi-ecosystem-update":false}}
...
Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+-------------------------------------------------------------------------------------------+
|                                          Errors                                           |
+---------------------------+---------------------------------------------------------------+
| Type                      | Details                                                       |
+---------------------------+---------------------------------------------------------------+
| dependency_file_not_found | {                                                             |
|                           |   "message": "No Dockerfiles nor Kubernetes YAML found in /", |
|                           |   "file-path": "/Dockerfile"                                  |
|                           | }                                                             |
+---------------------------+---------------------------------------------------------------+
Failure running container ddde7f47e05e29971b1305ea7801b9cc465645fafe11f2ae2156067bbab68a79: Error: Command failed with exit code 1: /bin/sh -c $DEPENDABOT_HOME/dependabot-updater/bin/run fetch_files
Cleaned up container ddde7f47e05e29971b1305ea7801b9cc465645fafe11f2ae2156067bbab68a79
  proxy | 2025/07/07 09:08:44 0/5 calls cached (0%)
2025/07/07 09:08:44 Posting metrics to remote API endpoint

Pull Request Checklist

Thank you for submitting a contribution!

Please address the following items:

  • If you are adding a dependency, please explain how it was chosen.
  • If manual testing is needed in order to validate the changes, provide a testing plan and the expected results.
  • Validate that documentation is accurate and aligned to any project updates or additions.
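
The failure in the log above can be caught before Dependabot runs. The following is an added example, not part of this pull request or the project's code: it checks that every `docker` entry in a Dependabot config points at a directory holding a Dockerfile, and flags `FROM`/`ARG` lines that carry Jinja2 placeholders, the concern raised in the description. The config text, the template directory name, the `FROM` line and the file-name pattern are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

JINJA = re.compile(r"\{\{.*?\}\}|\{%.*?%\}")
# Assumption: a simplified stand-in for the file names the docker ecosystem scans.
DOCKERFILE_NAME = re.compile(r"dockerfile|containerfile", re.IGNORECASE)
KEY = re.compile(r"""\s*(?:-\s*)?(package-ecosystem|directory):\s*["']?(.*?)["']?\s*$""")

def docker_directories(dependabot_yml: str) -> list[str]:
    """Directories of docker entries; line-based, assumes directory follows package-ecosystem."""
    dirs, ecosystem = [], None
    for line in dependabot_yml.splitlines():
        m = KEY.match(line)
        if m and m.group(1) == "package-ecosystem":
            ecosystem = m.group(2)
        elif m and ecosystem == "docker":
            dirs.append(m.group(2))
    return dirs

def check(repo: Path, dependabot_yml: str) -> dict[str, list[str]]:
    """Map each docker directory to its problems (empty list means clean)."""
    findings = {}
    for directory in docker_directories(dependabot_yml):
        target = repo / directory.strip("/")
        files = sorted(p for p in target.iterdir() if p.is_file()
                       and DOCKERFILE_NAME.search(p.name)) if target.is_dir() else []
        issues = [] if files else ["dependency_file_not_found"]
        for f in files:
            for n, text in enumerate(f.read_text().splitlines(), 1):
                if re.match(r"\s*(FROM|ARG)\b", text, re.I) and JINJA.search(text):
                    issues.append(f"{f.name}:{n} templated {text.split()[0].upper()}")
        findings[directory] = issues
    return findings

# Constructed sample: a cookiecutter-style repo with the Dockerfile in the template dir.
CONFIG = 'version: 2\nupdates:\n  - package-ecosystem: docker\n    directory: "DIR"\n'
TEMPLATE_DIR = "{{ cookiecutter.project_slug }}"  # assumed name of the template dir

def demo() -> tuple[dict, dict]:
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / TEMPLATE_DIR).mkdir()
        (repo / TEMPLATE_DIR / "Dockerfile").write_text(
            "ARG PYTHON_VERSION={{ cookiecutter.python_version }}\n"
            "FROM python:${PYTHON_VERSION}-slim\n")
        before = check(repo, CONFIG.replace("DIR", "/"))
        after = check(repo, CONFIG.replace("DIR", "/" + TEMPLATE_DIR))
        return before, after
```

`demo()` returns the findings for a config that points at `/` and for one that points at the template directory; run as a CI step, a non-empty list for any directory would fail the build.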


@ai-coding-guardrails ai-coding-guardrails Bot left a comment

I've got 2 comments for you to consider

The PR title and description are not accurate. Here are my suggestions:

Title: refactor(dependabot): convert config to cookiecutter template

Description: # Contributor Comments

This converts the Dependabot configuration file to use cookiecutter templating syntax. The directory path now uses {{ cookiecutter.project_slug }} template variable instead of a hardcoded path.

Note: This change makes the dependabot.yml file a template that needs to be processed by cookiecutter before it can be used by Dependabot.

Pull Request Checklist

Thank you for submitting a contribution!

Please address the following items:

  • If you are adding a dependency, please explain how it was chosen.
  • If manual testing is needed in order to validate the changes, provide a testing plan and the expected results.
  • Validate that documentation is accurate and aligned to any project updates or additions.

Reviewed with 🤟 by Zenable

Comment thread .github/dependabot.yml
@JonZeolla JonZeolla enabled auto-merge (squash) July 8, 2025 14:45
@JonZeolla JonZeolla merged commit e8c9b9c into main Jul 8, 2025
10 checks passed
@JonZeolla JonZeolla deleted the fix-docker-maintenance branch July 8, 2025 14:49