fix: maintain dependabot config filename for existing configs

README.md

@@ -56,7 +56,7 @@ This action can be configured to authenticate with GitHub App Installation or Pe
 
 | field                         | required | default | description |
 |-------------------------------|----------|---------|-------------|
-| `GH_TOKEN`                    | True     | `""`    | The GitHub Token used to scan the repository. Must have read access to all repository you are interested in scanning. |
+| `GH_TOKEN`                    | True     | `""`    | The GitHub Token used to scan the repository. Must have read access to all repository you are interested in scanning and repo:write and workflow privelages to create a pull request. |
 
 #### Other Configuration Options
 

dependabot_file.py

@@ -4,28 +4,29 @@
 import yaml
 
 
-def make_dependabot_config(ecosystem, group_dependencies) -> str:
+def make_dependabot_config(ecosystem, group_dependencies, indent) -> str:
     """
     Make the dependabot configuration for a specific package ecosystem
 
     Args:
         ecosystem: the package ecosystem to make the dependabot configuration for
         group_dependencies: whether to group dependencies in the dependabot.yml file
+        indent: the number of spaces to indent the dependabot configuration ex: "  "
 
     Returns:
         str: the dependabot configuration for the package ecosystem
     """
-    dependabot_config = f"""  - package-ecosystem: '{ecosystem}'
-    directory: '/'
-    schedule:
-      interval: 'weekly'
+    dependabot_config = f"""{indent[:-2]}- package-ecosystem: '{ecosystem}'
+{indent}directory: '/'
+{indent}schedule:
+{indent}{indent}interval: 'weekly'
 """
     if group_dependencies:
-        dependabot_config += """    groups:
-      production-dependencies:
-        dependency-type: 'production'
-      development-dependencies:
-        dependency-type: 'development'
+        dependabot_config += f"""{indent}groups:
+{indent}{indent}production-dependencies:
+{indent}{indent}{indent}dependency-type: 'production'
+{indent}{indent}development-dependencies:
+{indent}{indent}{indent}dependency-type: 'development'
 """
     return dependabot_config
 
@@ -61,7 +62,17 @@ def build_dependabot_file(
 
     if existing_config:
         dependabot_file = existing_config.decoded.decode("utf-8")
+        directory_line = next(
+            line for line in dependabot_file.splitlines() if "directory:" in line
+        )
+        indent = " " * (len(directory_line) - len(directory_line.lstrip()))
+        if len(indent) < 2:
+            print(
+                "Invalid dependabot.yml file. No indentation found. Skipping {repo.full_name}"
+            )
+            return None
     else:
+        indent = " " * 2
         dependabot_file = """---
 version: 2
 updates:
@@ -99,7 +110,7 @@ def build_dependabot_file(
                 if repo.file_contents(file):
                     package_managers_found[manager] = True
                     dependabot_file += make_dependabot_config(
-                        manager, group_dependencies
+                        manager, group_dependencies, indent
                     )
                     break
             except github3.exceptions.NotFoundError:
@@ -112,7 +123,7 @@ def build_dependabot_file(
                 if file[0].endswith(".tf"):
                     package_managers_found["terraform"] = True
                     dependabot_file += make_dependabot_config(
-                        "terraform", group_dependencies
+                        "terraform", group_dependencies, indent
                     )
                     break
         except github3.exceptions.NotFoundError:
@@ -123,7 +134,7 @@ def build_dependabot_file(
                 if file[0].endswith(".yml") or file[0].endswith(".yaml"):
                     package_managers_found["github-actions"] = True
                     dependabot_file += make_dependabot_config(
-                        "github-actions", group_dependencies
+                        "github-actions", group_dependencies, indent
                     )
                     break
         except github3.exceptions.NotFoundError:

env.py

@@ -187,7 +187,7 @@ def get_env_vars(test: bool = False) -> tuple[
         if len(commit_message) > 65536:
             raise ValueError("COMMIT_MESSAGE environment variable is too long")
     else:
-        commit_message = "Create dependabot.yaml"
+        commit_message = "Create/Update dependabot.yaml"
 
     created_after_date = os.getenv("CREATED_AFTER_DATE", "")
     is_match = re.match(r"\d{4}-\d{2}-\d{2}", created_after_date)

evergreen.py

@@ -80,9 +80,11 @@ def main():  # pragma: no cover
             continue
         existing_config = None
         filename_list = [".github/dependabot.yml", ".github/dependabot.yaml"]
+        dependabot_filename_to_use = None
         for filename in filename_list:
             existing_config = check_existing_config(repo, filename, update_existing)
             if existing_config:
+                dependabot_filename_to_use = filename
                 break
 
         if created_after_date and is_repo_created_date_before(
@@ -130,7 +132,9 @@ def main():  # pragma: no cover
                 body_issue = (
                     body
                     + "\n\n```yaml\n"
-                    + "# .github/dependabot.yml\n"
+                    + "# "
+                    + dependabot_filename_to_use
+                    + "\n"
                     + dependabot_file
                     + "\n```"
                 )
@@ -151,7 +155,13 @@ def main():  # pragma: no cover
                 count_eligible += 1
                 try:
                     pull = commit_changes(
-                        title, body, repo, dependabot_file, commit_message
+                        title,
+                        body,
+                        repo,
+                        dependabot_file,
+                        commit_message,
+                        dependabot_filename_to_use,
+                        existing_config,
                     )
                     print("\tCreated pull request " + pull.html_url)
                     if project_id:
@@ -273,20 +283,35 @@ def check_pending_issues_for_duplicates(title, repo) -> bool:
     return skip
 
 
-def commit_changes(title, body, repo, dependabot_file, message):
+def commit_changes(
+    title,
+    body,
+    repo,
+    dependabot_file,
+    message,
+    dependabot_filename=".github/dependabot.yml",
+    existing_config=None,
+):
     """Commit the changes to the repo and open a pull reques and return the pull request object"""
     default_branch = repo.default_branch
     # Get latest commit sha from default branch
     default_branch_commit = repo.ref("heads/" + default_branch).object.sha
     front_matter = "refs/heads/"
     branch_name = "dependabot-" + str(uuid.uuid4())
     repo.create_ref(front_matter + branch_name, default_branch_commit)
-    repo.create_file(
-        path=".github/dependabot.yaml",
-        message=message,
-        content=dependabot_file.encode(),  # Convert to bytes object
-        branch=branch_name,
-    )
+    if existing_config:
+        repo.file_contents(dependabot_filename).update(
+            message=message,
+            content=dependabot_file.encode(),  # Convert to bytes object
+            branch=branch_name,
+        )
+    else:
+        repo.create_file(
+            path=dependabot_filename,
+            message=message,
+            content=dependabot_file.encode(),  # Convert to bytes object
+            branch=branch_name,
+        )
 
     pull = repo.create_pull(
         title=title, body=body, head=branch_name, base=repo.default_branch