GitHub Action to bump multiple dependencies from either the same or mulitple package managers with Dependabot in a single pull request.

Here is an example how to use this action:

name: Dependabot
on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *"
jobs:
  check-dependencies:
    runs-on: ubuntu-latest
    steps:
      - uses: marcoroth/[email protected]
        with:
          dependencies: dependency_1, dependency_2
          package_managers: bundler, npm_and_yarn, pip
          directory: /
          branch: main
          username: x-access-token
          token: ${{ secrets.GITHUB_TOKEN }}

These options can be provided via with: in the workflow file.

Required: Comma-separated list of the dependencies Dependabot should bump together

Required: Comma-separated list of the package managers Dependabot should update.

Default value: bundler, npm_and_yarn, pip

The available options are:

• bundler
• pip (includes pipenv)
• npm_and_yarn
• maven
• gradle
• cargo
• hex
• composer
• nuget
• dep
• go_modules
• elm
• submodules
• docker
• terraform

Required: Directory in which the project to update lives

Default value: /

Required: The branch Dependabot runs against in your repository.

Default value: main

Required: The user to create the pull request

Default value: x-access-token

Required: A GitHub Access Token with permission to create the pull request and access potential private repos Dependabot should bump.

This GitHub Action depends on the dependabot/dependabot-core Docker Image and uses a modified version of the dependabot/dependabot-script update-script.rb to bump the dependencies.