Fix .github/dependabot.yml schema (set package-ecosystem to github-actions)#745
Open
Wayne-Ch wants to merge 1 commit into
Open
Fix .github/dependabot.yml schema (set package-ecosystem to github-actions)#745Wayne-Ch wants to merge 1 commit into
Wayne-Ch wants to merge 1 commit into
Conversation
The current config has an empty package-ecosystem field which fails
Dependabot's schema validation on every PR opened against the repo:
The property '#/updates/0/package-ecosystem' value "" did not match
one of the following values: npm, bundler, ..., github-actions, ...
Setting it to "github-actions" is the minimal change that makes the file
schema-valid while opting in to a low-noise ecosystem (only the workflow
files under .github/workflows/ are scanned). Additional ecosystems
(npm, pip, cargo, nuget, vcpkg, etc.) can be enabled in follow-up PRs
by whoever wants to own those Dependabot update PRs.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes the Dependabot configuration schema error by replacing an empty package-ecosystem placeholder with the valid github-actions ecosystem.
Changes:
- Enables Dependabot version updates for GitHub Actions workflows.
- Keeps the existing weekly schedule and root directory configuration.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the
.github/dependabot.ymlcheck that has been failing on every PRopened since 5/27 (e.g. #727).
Root cause
The Dependabot config file added in commit 33a1a2f (
Add Dependabot configuration file) contains an unfilled template —package-ecosystemis set to the empty string"", which fails Dependabot's schema validation:The validation check is only run on pull requests, not on direct commits to
main, so the broken template slipped in unnoticed and every new PR now hits a red.github/dependabot.ymlcheck.Change
Replace the empty
package-ecosystem: ""placeholder with"github-actions". This:.github/workflows/).npm,pip,cargo,nuget,vcpkg, etc. is a separate decision that whoever owns those Dependabot update PRs should make in follow-up changes.Diff
Scope
One file, two lines. Intentionally narrow — this is not an "enable Dependabot for the whole repo" PR. It is the minimum required to stop blocking unrelated PRs on a schema error.