Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify what all sources are supported for Terraform Dependency Updates #8419

Closed
4 tasks
captn3m0 opened this issue Jul 21, 2021 · 7 comments · Fixed by #30139
Closed
4 tasks

Clarify what all sources are supported for Terraform Dependency Updates #8419

captn3m0 opened this issue Jul 21, 2021 · 7 comments · Fixed by #30139
Labels
content This issue or pull request belongs to the Docs Content team help wanted Anyone is welcome to open a pull request to fix this issue pumpkin-spice Specifically tracked Hacktoberfest issue - internal purposes
Projects
Docs open source board

Comments

@captn3m0
Copy link

captn3m0 commented Jul 21, 2021
edited by felicitymay

What article on docs.github.com is affected?

https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates

What part(s) of the article would you like to see updated?

Terraform section.

Additional information

Terraform supports the following sources:

Out of these, it is very unclear which all are supported by Dependabot.

Update following discussion below

Answer

For anyone else with the same question, the answer was:

Dependabot can be used to manage version updates for dependencies that are stored in GitHub for all the supported package managers. In addition, for some package managers, you can include a registries section in your configuration file to allow access to private registries. This is supported for Terraform, see Configuration options for private registries.

If you need to access dependencies in git hosted by other services, like GitLab and BitBucket, you can add the git option to your registries section. See Configuration options for dependency updates.

Content design plan

"Supported repositories and ecosystems" section of About Dependabot version updates

  • Update the introduction to mention that dependencies in private registeries are also supported (similar to the mention of vendored dependencies).
  • Update the link to the article with configuration options - link to both the #vendor anchor and also the #registries anchor.

"package-ecosystem" section of Configuration options for dependency updates

  • Add a brief sentence, similar to that for vendor mentioning private registries and linking to registries.

"Configuration options for private registries" section of Configuration options for dependency updates

  • Add a brief sentence to the first paragraph, mentioning that you can give Dependabot access to private package registries hosted by GitLab or Bitbucket by specifying a type of git and linking to git.
@captn3m0 captn3m0 added the content This issue or pull request belongs to the Docs Content team label Jul 21, 2021
@welcome
Copy link

welcome bot commented Jul 21, 2021

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Jul 21, 2021
@github-actions github-actions bot added this to Triage in Docs open source board Jul 21, 2021
@captn3m0 captn3m0 mentioned this issue Jul 22, 2021
Closed
@ramyaparimi
Copy link
Contributor

@captn3m0 Thanks so much for opening an issue! I'll triage this for the team to take a look 👀

@ramyaparimi ramyaparimi removed the triage Do not begin working on this issue until triaged by the team label Jul 22, 2021
@ramyaparimi ramyaparimi moved this from Triage to Content review needed in Docs open source board Jul 22, 2021
@felicitymay
Copy link
Contributor

felicitymay commented Jul 29, 2021
edited

@captn3m0 👋🏻

Dependabot can be used to manage version updates for dependencies that are stored in GitHub. You can also include a registries section in your configuration file to allow access to Terraform registries.

If you need to access dependencies in git hosted on other services, like GitLab and BitBucket, you can add the git option to your registries section. See Configuration options for dependency updates.

@captn3m0
Copy link
Author

A note about Mercurial repos and S3 buckets not being supported would be nice.

@felicitymay
Copy link
Contributor

I'm out of time today, but will come back to this issue and suggest a change to the docs to make this clearer when I get an opportunity. It's difficult to get the right balance in keeping a readable table as well as providing detailed information.

@felicitymay
Copy link
Contributor

I've updated the issue summary with the information from our discussions and a plan for content changes to make the support clearer. I've also added a note to an internal issue so that when we next refactor these articles, we take your full feedback into account.

@felicitymay felicitymay added the help wanted Anyone is welcome to open a pull request to fix this issue label Aug 3, 2021
@docubot docubot moved this from Content review needed to Help wanted in Docs open source board Aug 3, 2021
@github-actions github-actions bot added the stale There is no recent activity on this issue or pull request label Oct 8, 2021
Docs open source board automation moved this from Help wanted to Done Oct 16, 2021
@ramyaparimi ramyaparimi removed the stale There is no recent activity on this issue or pull request label Oct 18, 2021
@ramyaparimi ramyaparimi moved this from Done to Help wanted in Docs open source board Oct 18, 2021
@ramyaparimi ramyaparimi reopened this Oct 18, 2021
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Oct 18, 2021
@ramyaparimi ramyaparimi removed the triage Do not begin working on this issue until triaged by the team label Dec 2, 2021
@cmwilson21 cmwilson21 added the pumpkin-spice Specifically tracked Hacktoberfest issue - internal purposes label Sep 30, 2022
@github-actions github-actions bot added the stale There is no recent activity on this issue or pull request label Aug 11, 2023
@cmwilson21 cmwilson21 removed the stale There is no recent activity on this issue or pull request label Aug 11, 2023
@Tara8811

This comment was marked as spam.

Sign in to view
@CBID2 CBID2 mentioned this issue Nov 21, 2023
Merged
6 tasks
Docs open source board automation moved this from Help wanted to Done Dec 1, 2023
@captn3m0 captn3m0 mentioned this issue Dec 12, 2023
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
content This issue or pull request belongs to the Docs Content team help wanted Anyone is welcome to open a pull request to fix this issue pumpkin-spice Specifically tracked Hacktoberfest issue - internal purposes
Projects
Docs open source board
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Clarifying sources that support Terraform Dependency Updates CBID2/docs-my-version-
9 participants
@captn3m0 @felicitymay @ramyaparimi @cmwilson21 @Tara8811 and others