Gradle Dependabot Group pattern error
pexa-ashek opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
Gradle
Package manager version
8.2.1
Language version
Kotlin
Manifest location and content before the Dependabot update
build.gradle.kts (relevant section)
val postgresqlVersion: String by extra
val flywayCoreVersion: String by extra
val moshiVersion: String by extra
val logbackVersion: String by extra
apply(from = "versions.gradle.kts")
dependencies {
implementation("org.springframework.boot:spring-boot-starter-actuator")
implementation("org.springframework.boot:spring-boot-starter-logging")
implementation("org.springframework.boot:spring-boot-starter-validation")
implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
implementation("org.postgresql:postgresql:$postgresqlVersion")
implementation("org.flywaydb:flyway-core:$flywayCoreVersion")
implementation("com.squareup.moshi:moshi:$moshiVersion")
implementation("com.squareup.moshi:moshi-adapters:$moshiVersion")
implementation("com.squareup.moshi:moshi-kotlin:$moshiVersion")
implementation("ch.qos.logback:logback-classic:$logbackVersion")
implementation("ch.qos.logback:logback-core:$logbackVersion")
implementation("ch.qos.logback:logback-access:$logbackVersion")
versions.gradle.kts
mapOf(
"moshiVersion" to "1.15.1",
"flywayCoreVersion" to "9.22.2",
"logbackVersion" to "1.4.14",
).forEach { (name, version) ->
project.extra.set(name, version)
}
dependabot.yml content
updates:
- package-ecosystem: "gradle"
directory: "/"
registries:
- Artifactory
schedule:
interval: "daily"
time: "08:30"
timezone: "Australia/Melbourne"
labels:
- "kotlin"
commit-message:
prefix: "NOJIRA | Dependabot | "
groups:
spring-dependencies:
patterns:
- "org.springframework*"
update-types:
- "major"
- "minor"
db-dependencies:
patterns:
- "org.postgresql*"
- "org.flywaydb*"
update-types:
- "major"
- "minor"
square-dependencies:
patterns:
- "com.squareup*"
update-types:
- "major"
- "minor"
logback-dependencies:
patterns:
- "ch.qos.logback*"
update-types:
- "major"
- "minor"
What you expected to see, versus what you actually saw
I'm getting the below error when applying the gradle Dependabot configuration (see above) where I'm only interested in major and minor version updates to the specified dependencies in the defined group
. Am I missing some attributes under groups
or is the a problem with the pattern regex itself
Additional question
Is Dependabot able to scan the dependency version when the version config file (in my case versions.gradle.kts
) has been externalised from the build.gradle.kts
file
Error log
updater | 2024/05/29 22:51:47 INFO <job_834701292> Starting job processing
updater | 2024/05/29 22:51:47 WARN <job_834701292> Please check your configuration as there are groups where no dependencies match:
updater | - gradle
updater |
updater | This can happen if:
updater | - the group's 'pattern' rules are misspelled
updater | - your configuration's 'allow' rules do not permit any of the dependencies that match the group
updater | - the dependencies that match the group rules have been removed from your project
updater |
updater | 2024/05/29 22:51:47 INFO <job_834701292> Starting grouped update job for ***/**service
updater | 2024/05/29 22:51:47 INFO <job_834701292> Found 1 group(s).
updater | 2024/05/29 22:51:47 WARN <job_834701292> Skipping update group for 'gradle' as it does not match any allowed dependencies.