/dependabot-core

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support sbt projects #352

Open
albuch opened this Issue Apr 18, 2018 · 5 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@albuch @greysteil @tyrcho @mark-dhl
@albuch

albuch commented Apr 18, 2018
edited

Hey,
it would be awesome to support sbt dependencies and plugin dependencies as well.

https://www.scala-sbt.org/1.x/docs/Library-Dependencies.html
https://www.scala-sbt.org/1.x/docs/Using-Plugins.html

Multi-projects are supported in sbt as well and is a common use case so that should be considered as well: https://www.scala-sbt.org/1.x/docs/Multi-Project.html

@albuch albuch changed the title from Support sbt to Support sbt projects Apr 18, 2018

@greysteil

This comment has been minimized.

Sign in to view
Member

greysteil commented Apr 18, 2018

Totally up for this. I've got some work to do getting Maven support out of beta first, but once that's done sbt support would be a great addition.
@tyrcho

This comment has been minimized.

Sign in to view

tyrcho commented Sep 15, 2018

My company is working with scala, once support for Gitlab and sbt is there I'd be happy to become a paying customer of dependabot.
@greysteil

This comment has been minimized.

Sign in to view
Member

greysteil commented Sep 15, 2018

Thanks @tyrcho. I'm still really keen on adding both - will keep you posted.
@tyrcho

This comment has been minimized.

Sign in to view

tyrcho commented Oct 17, 2018

I ran into this sbt plugin which should help a lot !
https://github.com/rtimush/sbt-updates

You can append addSbtPlugin("com.timushev.sbt" % "sbt-updates" % "0.3.4") to the end of project/plugins.sbt (creating it if not present) and then run sbt dependencyUpdates and parse the output in stdout. It looks like that:

[info] Found 10 dependency updates for notification-impl
[info]   com.datadoghq:dd-java-agent:dd-java-agent            : 0.10.0           -> 0.16.0
[info]   com.lightbend.lagom:lagom-logback                    : 1.4.6  -> 1.4.8           
[info]   com.lightbend.lagom:lagom-reloadable-server:dev-mode : 1.4.6  -> 1.4.8           
[info]   com.lightbend.lagom:lagom-scaladsl-dev-mode          : 1.4.6  -> 1.4.8           
[info]   com.lightbend.lagom:lagom-scaladsl-server            : 1.4.6  -> 1.4.8

Note that in multi-project build you will have duplicated lines.

Even partial support for sbt in dependabot would be great (ie creating the PR to notify the library has been updated). It will probably be impossible to cover all ways in which versions are defined in sbt since you can code in your build files.
@mark-dhl

This comment has been minimized.

Sign in to view

mark-dhl commented Nov 3, 2018

A project by @fthomas already does this. Hope you could maybe setup some sort of collaboration !

https://github.com/fthomas/scala-steward

@greysteil greysteil referenced this issue Nov 14, 2018

Closed

Support for Scala and sbt #266

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment