@AshGodfrey
Contributor

Summary

Adds a new speakeasy configure dependabot command that creates or updates a .github/dependabot.yml file to automate dependency updates for SDK repositories.

Features

Standalone Command

speakeasy configure dependabot
speakeasy configure dependabot -d /path/to/workflow

Auto-prompt After GitHub Setup

After speakeasy configure github completes successfully, users are prompted:

Would you also like to configure Dependabot for automated dependency updates?
> Yes
  No

Smart Merge

  • Reads existing dependabot.yml if present
  • Preserves user customizations (groups, ignore rules, registries, custom schedules)
  • Only adds missing ecosystems
  • Shows helpful messages:
    • "Successfully created dependabot.yml" (new file)
    • "Successfully updated dependabot.yml - Added ecosystems: npm, pip" (merge)
    • "dependabot.yml already has all needed ecosystems configured" (nothing to add)

Auto-detection of SDK Targets

Reads .speakeasy/workflow.yaml and maps targets to dependabot ecosystems:

Speakeasy Target              Dependabot Ecosystem
----------------------------  --------------------
typescript, mcp-typescript    npm
python                        pip
go                            gomod
java                          maven
csharp                        nuget
php                           composer
ruby                          bundler
terraform                     terraform

github-actions is always included.

Example Output

For a workflow with TypeScript and Python targets:

version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: weekly
  - package-ecosystem: pip
    directory: /
    schedule:
      interval: weekly

Implementation Notes

  • Follows existing patterns in configure.go
  • Reuses ConfigureGithubFlags for the -d flag
  • Uses same YAML encoding approach as other workflow generators
  • Inline type definitions (consistent with other single-use types)
  • Uses yaml:",inline" to preserve unknown fields during merge

Testing

Tested locally:

  • ✅ Creates new dependabot.yml with detected ecosystems
  • ✅ Merges with existing file, preserving customizations
  • ✅ Shows appropriate messages for each scenario
  • ✅ Prompt appears after configure github
  • ✅ Builds successfully

This adds a new 'speakeasy configure dependabot' command that creates or updates
a .github/dependabot.yml file to automate dependency updates for SDK repositories.

Features:
- Standalone command: 'speakeasy configure dependabot'
- Auto-prompt after 'speakeasy configure github' completes
- Smart merge: preserves existing dependabot.yml customizations (groups, ignore rules, etc.)
- Auto-detects SDK targets from workflow.yaml and adds appropriate ecosystems:
  - typescript/mcp-typescript → npm
  - python → pip
  - go → gomod
  - java → maven
  - csharp → nuget
  - php → composer
  - ruby → bundler
  - terraform → terraform
- Always includes github-actions ecosystem
- Uses weekly schedule (industry standard for dependabot)

The implementation follows existing patterns:
- Reuses ConfigureGithubFlags for the -d/--workflow-directory flag
- Uses same YAML encoding approach as other workflow generators
- Inline type definitions (consistent with other single-use types in configure.go)

@simplesagar requested a review from subomi December 3, 2025 19:44
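
The target mapping and "only adds missing ecosystems" merge described in this pull request, as an added Go example that is not the PR's own code. The name `mergeUpdates`, the use of generic maps in place of YAML decoding, matching on `package-ecosystem` alone, and the sorted order of added entries are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// targetEcosystem is the target-to-ecosystem table from the PR description.
var targetEcosystem = map[string]string{
	"typescript": "npm", "mcp-typescript": "npm", "python": "pip", "go": "gomod",
	"java": "maven", "csharp": "nuget", "php": "composer", "ruby": "bundler",
	"terraform": "terraform",
}

// mergeUpdates keeps every existing entry as-is (unknown keys such as groups or
// ignore survive) and appends a default entry for each ecosystem not yet present.
func mergeUpdates(existing []map[string]any, targets []string) ([]map[string]any, []string) {
	have := map[string]bool{}
	for _, e := range existing {
		if name, ok := e["package-ecosystem"].(string); ok {
			have[name] = true // assumption: match on ecosystem only, not directory
		}
	}
	want := map[string]bool{"github-actions": true} // always included
	for _, t := range targets {
		if eco, ok := targetEcosystem[t]; ok { // unmapped targets are skipped
			want[eco] = true
		}
	}
	var added []string
	for eco := range want {
		if !have[eco] {
			added = append(added, eco)
		}
	}
	sort.Strings(added) // deterministic order; this ordering is the example's choice
	merged := append([]map[string]any{}, existing...)
	for _, eco := range added {
		merged = append(merged, map[string]any{"package-ecosystem": eco, "directory": "/",
			"schedule": map[string]any{"interval": "weekly"}})
	}
	return merged, added
}

func main() {
	// Constructed input: a hand-edited npm entry carrying a custom ignore rule.
	existing := []map[string]any{{"package-ecosystem": "npm", "directory": "/sdk", "ignore": []any{"left-pad"}}}
	merged, added := mergeUpdates(existing, []string{"typescript", "python"})
	fmt.Println(len(merged), "entries; added:", added)
}
```

Because the match is on ecosystem name only, an existing entry for one directory counts as coverage for that ecosystem everywhere, which is worth checking by hand in multi-directory repositories.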