dependabot / api-docs Goto Github PK

Hello Dependabot 👋,

When using this API I have noticed for that for at least one repo, I am getting installation-state=inactive, even though the GitHub UI shows me that dependabot alerts and security-updates are enabled.

Please let me know what information you need to investigate (I'm guessing the Account and Repo ID?).

Thanks,
Vincent

When creating an update-config, there's just an example of passing bundler as the package-manager. It seems the only way to get the list of possible values is to create a bunch in the UI and then query the API to see what values get set.

Hi. I am using the dependabot API for the first time.

I want to be able to see a list of all my repos under my username and whether dependabot is enabled or not.

I did the /accounts request. I got one account in the response - it is an org I belong to. But I can't see an account ID for my own user.

Is what I am looking for supported?

If not, can I suggest a note at the top of the doc or around GET for accounts to say that one can only get accounts for organizations one belongs to and that one's personal profile and its owned repos cannot be queried.

see title 😄

Is this for Github Dependabot or old dependabot-preview?

What are the response codes for the private release notification API?

I lost the api error message at this point, but i had to switch from minor to in_range.

Hey folks!

First off, thanks for the great product. It's been a pleasure to use and has made a great impact on teams in the org I work at.

On topic, my question: Is there a way to control who can change specific configurations for a project being monitored by Dependabot? Failing that, is there a straightforward way to know when Dependabot configs change for a project and who made those changes?

The problem I'm trying to solve at the moment is to prevent people from disabling Dependabot for a particular repository. Failing that, I'd like to be able to programmatically know when this happens.

As far as I can tell, there isn't a way to do fine grained access control within Dependabot's UI or API. Lacking that, the only way I see to know when such changes are made is to poll the config API on a relatively short interval.

Thoughts? Suggestions? Thanks again for your time!

https://github.com/dependabot/api-docs#user-content-create-an-update-config-for-a-repo

@dependabot appears to support:

dependabot.com otoh supports:

When the dependabot migrator made pull requests to our repositories, it neglected to warn that this schedule detail was being discarded.

Currently attempting to use: https://github.com/dependabot/api-docs#notify-dependabot-of-a-private-dependency-release to kick off PR generation upon the release of a new docker image to a private docker registry (GCR).

Dependabot is able to manually pick up changes when I select 'Bump now' however when I send:

curl --verbose -d '{"name":"us.gcr.io/<gcr project name>/workflow-testing", "version":"9.0.2", "package-manager":"docker"}' -H "Content-Type: application/json" -H "Authorization: Personal <GitHub PAT with Repo Access>" -X POST https://api.dependabot.com/release_notifications/private
I get a 204 response back (which I believe is expected) however no PR is opened. Selecting 'Bump now' does however pick up the change.

Am I missing something re: documentation?

Thank you!

Hello dependabot 👋

I am facing the same issue which someone opened a while ago #14 and while I was going through the response noticed this You could programatically create a config file which will automatically enable dependabot as soon as it's pushed to the default branch. How could this be done? Could you point me to a documentation or an example please?

Thanks,
Lavanya

Hello,
I've been trying push a notification following the directions on this link.

We are using the following call

{"name":"Voxel.ObjectStorage:Platform","version":"1.1.19207.1","package-manager":"nuget"}

Assuming that for the name parameter, we are using our nuget's ID and Owner as GroupId and ArtifactId, respectively

<?xml version="1.0" encoding="utf-8"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata>
    <id>Voxel.ObjectStorage</id>
    <version>1.1.19206.31962</version>
    <authors>Platform</authors>
    <owners>Platform</owners>
    <requireLicenseAcceptance>false</requireLicenseAcceptance>
    <description>Wraper de la librería de AmazonS3 para acceder a un ObjectStorage</description>
    <copyright>Copyright © Voxel Media 2007-2019</copyright>
    <repository type="git" url="https://github.com/VoxelGroup/Voxel.ObjectStorage.git" />
    <dependencies>
      <group targetFramework=".NETStandard2.0">
        <dependency id="AWSSDK.S3" version="3.3.104.2" exclude="Build,Analyzers" />
      </group>
    </dependencies>
  </metadata>
</package>

However, we do not obtain a response, or any PR on our repository, as expected.
What could be the error?

Thanks!

Does a DELETE https://api.dependabot.com/update_configs/:id call deletes the update config?