This action validates that your repository has Dependabot configured for all supported package ecosystems based on the programming languages used in your repository.

• Detects programming languages used in your repository
• Maps languages to their corresponding package ecosystems
• Validates that your dependabot.yml includes configurations for all relevant package ecosystems
• Fails if required ecosystems are missing from your Dependabot configuration

Add this action to your workflow:

name: Validate Dependabot Config
on:
  pull_request:
  push:
    branches: [main]

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Validate Dependabot Configuration
        uses: chrisreddington/validate-dependabot@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

Create a .github/dependabot.yml file in your repository with configurations for your package ecosystems:

version: 2
updates:
  - package-ecosystem: 'npm'
    directory: '/'
    schedule:
      interval: 'weekly'

  - package-ecosystem: 'pip'
    directory: '/'
    schedule:
      interval: 'weekly'

The action may fail with the following messages:

1. No .github/dependabot.yml file found

   • Create a dependabot.yml file in your .github directory
   • Ensure the file has correct YAML syntax

2. Missing Dependabot configuration for ecosystems: X, Y, Z

   • Add configurations for the listed ecosystems to your dependabot.yml
   • Each ecosystem needs its own update block in the configuration

This project is licensed under the MIT License - see the LICENSE file for details.