有没有办法将Dependabot与sbt集成以进行依赖项更新?

huangapple go评论64阅读模式
英文:

Is there a way to integrate Dependabot with sbt for dependency updates?

问题

I have spark jobs, and I use scala build tool build.sbt for dependencies management and creating the jar file. and I have CI and github action already configured.
Now I am trying to use the dependabot to generate and create PR for sbt dependenies versions, but the problem is depandabot.yml does not support sbt in the package ecosystem, anyidea how to solve this problem?

For example:

scalaVersion := "2.12.13",
libraryDependencies ++= Seq(
  "org.mongodb.spark" %% "mongo-spark-connector" % "3.0.1",
  "org.apache.spark" %% "spark-core" % "3.0.1",
  "org.apache.spark" %% "spark-sql" % "3.0.1"
)

I want to use depandabot.yml, to create PR when the versions are outdated?

英文:

I have spark jobs, and I use scala build tool build.sbt for dependencies management and creating the jar file. and I have CI and github action already configured.
Now I am trying to use the dependabot to generate and create PR for sbt dependenies versions, but the problem is depandabot.yml does not support sbt in the package ecosystem, anyidea how to solve this problem?

For example:

scalaVersion := "2.12.13",
libraryDependencies ++= Seq(
  "org.mongodb.spark" %% "mongo-spark-connector" % "3.0.1",
  "org.apache.spark" %% "spark-core" % "3.0.1",
  "org.apache.spark" %% "spark-sql" % "3.0.1"
)

I want to use depandabot.yml, to create PR when the versions are outdated?

答案1

得分: 1

你可以使用Scala Steward。这个Github Action中有对它的支持。

英文:

You can use Scala Steward. There's support for it in this Github Action.

答案2

得分: 1

你有来自Scala Center的文章保护你的Scala项目在GitHub上的依赖项。它说他们发布了一个GitHub操作来检查sbt依赖项提交。同一篇文章还说它目前处于测试阶段,但如果你查看仓库,它们有不同的发布版本(最新版本是v2.1.2)。我还没有尝试过它。

另一个工具是Scala Steward。它是一个工具,让你检查项目,并在你的依赖项有新版本时自动生成PR。

英文:

you have the article SECURE THE DEPENDENCIES OF YOUR SCALA PROJECT ON GITHUB from Scala Center. It says that they release a github action to check sbt dependency submission. Also says in the same post that it's in beta, but if you check the repo they have different releases (latest today is v2.1.2). I haven't tried it yet.

The other tool you have is Scala Steward. It's a tool that lets you inspect your project and automatically generates PRs if there is a new release of a dependency you have.

huangapple
  • 本文由 发表于 2023年5月25日 21:15:31
  • 转载请务必保留本文链接:https://go.coder-hub.com/76332714.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定