Support sbt projects #352
Support sbt projects #352
Comments
Totally up for this. I've got some work to do getting Maven support out of beta first, but once that's done sbt support would be a great addition. |
My company is working with scala, once support for Gitlab and sbt is there I'd be happy to become a paying customer of dependabot. |
Thanks @tyrcho. I'm still really keen on adding both - will keep you posted. |
I ran into this sbt plugin which should help a lot ! You can append
Note that in multi-project build you will have duplicated lines. Even partial support for sbt in dependabot would be great (ie creating the PR to notify the library has been updated). It will probably be impossible to cover all ways in which versions are defined in sbt since you can code in your build files. |
A project by @fthomas already does this. Hope you could maybe setup some sort of collaboration ! |
We are already using dependabot for python and ruby, but the biggest part of our codebase is scala. |
Not yet. We'd still love to add sbt support, but we're a small team and are currently focussed on scaling Dependabot so it can create automated security fixes for all GitHub repos. |
I was linked here from https://dependabot.com/java/ - I would like to help beta test Java Maven support |
The PR I raised as a starting point for sbt support (#1589) was closed without comment due to staleness. Not sure whether to interpret as a bad PR that I can improve, or lack of team capacity, or something else. I'm still willing to continue on the functionality, but would prefer to see some indication of whether I'm likely to see it ever getting merged before spending more time on it. |
@Grundlefleck sorry about that - I've reopened the pull request and added the "enhancement" label, which should prevent stalebot rudely closing it again. Right now the Dependabot team is working pretty flat out on some scaling challenges and bringing more of Dependabot's features to GitHub natively, which means we've (regrettably) been neglecting dependabot-core a bit. I can't promise a timeline, but I'm hopeful we'll be able to spend more time on dependabot-core soon. When we can give it some proper attention, your SBT pull request will be top of the list. |
There is another alternative that supports scala/sbt (among many others) in a rudimentary version: https://github.com/apps/renovate |
@albuch Renovate has a constraint for sbt projects. |
Anything I can do to make our Scala project rely on dependabot? |
Hey,
it would be awesome to support sbt dependencies and plugin dependencies as well.
https://www.scala-sbt.org/1.x/docs/Library-Dependencies.html
https://www.scala-sbt.org/1.x/docs/Using-Plugins.html
Multi-projects are supported in sbt as well and is a common use case so that should be considered as well: https://www.scala-sbt.org/1.x/docs/Multi-Project.html
The text was updated successfully, but these errors were encountered: