feat: add detection for 15 new Dependabot package ecosystems#519
Draft
feat: add detection for 15 new Dependabot package ecosystems#519
Conversation
Add file-based detection for bazel, bun, conda, docker-compose, dotnet-sdk, elm, gitsubmodule, helm, julia, pre-commit, pub, rust-toolchain, swift, uv, and vcpkg ecosystems. Changes: - dependabot_file.py: add new ecosystems to package_managers_found and package_managers dicts with their manifest files - env.py: add all 15 ecosystems to SUPPORTED_PACKAGE_ECOSYSTEMS - test_dependabot_file.py: add parameterized subTest covering all 15 new ecosystems - README.md: update EXEMPT_ECOSYSTEMS docs to list all 29 ecosystems OpenTofu is deferred due to .tf file overlap with terraform. Closes #515 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- conda: replace conda.yaml with environment.yaml (per dependabot-core) - docker-compose: add docker-compose.yaml and compose.yml variants - rust-toolchain: add extensionless rust-toolchain file Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pre-existing inconsistency where these ecosystems were detected but not initialized in the package_managers_found dict. Works due to Python dict behavior but inconsistent with all other ecosystems. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- pre-commit: add .pre-commit-config.yml, .pre-commit.yaml, .pre-commit.yml per dependabot-core CONFIG_FILE_PATTERN regex - vcpkg: add vcpkg-configuration.json per dependabot-core file fetcher Verified against dependabot-core source: - pre_commit/lib/dependabot/pre_commit/file_fetcher.rb - vcpkg/lib/dependabot/vcpkg/file_fetcher.rb Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds file-based detection for 15 new Dependabot-supported package ecosystems, expanding coverage from 14 to 29 ecosystems.
New ecosystems
bazelMODULE.bazel,WORKSPACE,WORKSPACE.bazelbunbun.lockcondaenvironment.yml,conda.yamldocker-composedocker-compose.yml,compose.yamldotnet-sdkglobal.jsonelmelm.jsongitsubmodule.gitmoduleshelmChart.yamljuliaProject.tomlpre-commit.pre-commit-config.yamlpubpubspec.yamlrust-toolchainrust-toolchain.tomlswiftPackage.swiftuvuv.lockvcpkgvcpkg.jsonFiles changed
dependabot_file.py: Added new ecosystems topackage_managers_foundandpackage_managersdictsenv.py: Added all 15 ecosystems toSUPPORTED_PACKAGE_ECOSYSTEMS(now 29 total)test_dependabot_file.py: Added parameterizedsubTestcovering all 15 new ecosystemsREADME.md: UpdatedEXEMPT_ECOSYSTEMSdocs to list all 29 supported ecosystemsNot included
OpenTofu is deferred - it shares
.tffiles with terraform, so detection overlap needs separate design consideration.Closes #515
Testing
make lintpasses clean (pylint 10/10)