ci: add job to check dependabot configuration coverage

[moe-ad]

Closes #843.

@SMoraisAnsys @RobPasMue.
Do you have some ideas about how point 2 of the issue can be handled automatically? Seems like a manual task to me.

[moe-ad]

FYI I left the failing workflow as is so reviewers can see how the action currently works. I will fix it once this has been approved for merging.

[RobPasMue]

Overall the logic seems fine - I'm just concerned about what to do if a 3rd party action is missing. I believe we should open a PR automatically from this workflow

[moe-ad]

Overall the logic seems fine - I'm just concerned about what to do if a 3rd party action is missing. I believe we should open a PR automatically from this workflow

Thanks for the suggestions Roberto. I must have misunderstood #843. I didn't know this was to be offered as a reusable action for other repos to consume. I simply implemented it as a workflow for this repo. I will fix that.

[SMoraisAnsys]

Thanks for the changes @moe-ad, I left a minor comment.

Agreeing with @RobPasMue comments. We could also add the job to the PR workflow as it would notify someone of that lack in the PR changes but it will often run for nothing since we don't add third party actions very often.

[RobPasMue]

I didn't know this was to be offered as a reusable action for other repos to consume.

I am not saying it should be consumed by other repos, not at all in fact.

What I am suggesting is that the same workflow you implemented should also open a PR on the ansys/actions repo and update the dependabot.yml file to include the missing actions. We shouldn't just get informed that some actions are missing. We should remediate the problem

[moe-ad]

I didn't know this was to be offered as a reusable action for other repos to consume.

I am not saying it should be consumed by other repos, not at all in fact.

What I am suggesting is that the same workflow you implemented should also open a PR on the ansys/actions repo and update the dependabot.yml file to include the missing actions. We shouldn't just get informed that some actions are missing. We should remediate the problem

@RobPasMue @SMoraisAnsys The challenge with opening a PR is related to my opening question on this PR. The problem of classifying an action under a meaningful group seems seems like a manual task. I guess an issue should be opened instead?

[RobPasMue]

@RobPasMue @SMoraisAnsys The challenge with opening a PR is related to my opening question on this PR. The problem of classifying an action under a meaningful group seems seems like a manual task. I guess an issue should be opened instead?

Since this part is not working:

actions/.github/dependabot.yml

Lines 110 to 115 in bc44fb8

	# Missed non ansys actions that should by assigned to a group
	must-be-assigned-actions:
	patterns:
	- "*"
	exclude-patterns:
	- "ansys/actions*"

I'd recommend removing the asterisk at large and adding the individual actions found to this group. We can move them manually later if desired

[moe-ad]

Test: #1057
N.B: The test PR includes dependabot_coverage.yml since that doesn't exist yet on main. Once we merge this, that shouldn't happen.

@SMoraisAnsys I think we should avoid adding this to the PR workflow. I have added a workflow_dispatch trigger instead if we need to run this before the scheduled time. I will also leverage that to test the changes one final time upon merging (I intentionally didn't update dependabot.yml with peter-evans/find-comment, pyvista/setup-headless-display-action, vimtor/action-zip yet so those can be added via the final test).

[RobPasMue]

I would run this on a scheduled basis as well @moe-ad - not only on workflow dispatch

[jorgepiloto]

What about moving this to the ci_cd_night.yml? Just to reduce the number of workflow files to pr, night, and release`.

[RobPasMue]

What about moving this to the ci_cd_night.yml? Just to reduce the number of workflow files to pr, night, and release`.

Works for me