The version must be specified in dependabot.yml

[davidkarlsen]

Describe the bug

2024-01-05T11:50:19.5080191Z ##[section]Starting: dependabot
2024-01-05T11:50:19.5085841Z ==============================================================================
2024-01-05T11:50:19.5085966Z Task         : Dependabot
2024-01-05T11:50:19.5086038Z Description  : Automatically update dependencies and vulnerabilities in your code
2024-01-05T11:50:19.5086138Z Version      : 1.25.613
2024-01-05T11:50:19.5086195Z Author       : Tingle Software
2024-01-05T11:50:19.5086255Z Help         : For help please visit https://github.com/tinglesoftware/dependabot-azure-devops
2024-01-05T11:50:19.5086369Z ==============================================================================
2024-01-05T11:50:19.9815861Z ##[error]The version must be specified in dependabot.yml
2024-01-05T11:50:19.9841252Z ##[section]Finishing: dependabot

cat .github/dependabot.yml
version: 2
registries:
  npp:
    type: maven-repository
    url: https://pkgs.dev.azure.com/redacted/_packaging/NPPMavenRepo/maven/v1
    #token: PAT:${{System.AccessToken}}
    username: redacted
    password: ${{SYSTEM_ACCESSTOKEN}}
    replaces-base: true
updates:
  - package-ecosystem: "maven"
    directory: "/" # Location of package manifests
    registries:
    - npp
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10

cat .azuredevops/dependabot.yaml
trigger: none # Disable CI trigger

schedules:
  - cron: '0 2 * * *' # daily at 2am UTC
    always: true # run even when there are no code changes
    branches:
      include:
        - main
    batch: true
    displayName: Dependabot

pool:
  vmImage: 'ubuntu-latest'

# This task reads the standard dependabot configuration found under .github/dependabot.yml
steps:
  - task: dependabot@1

To Reproduce
Steps to reproduce the behavior:

1. ...
2. ...

Expected behavior
continue to work as it did a day ago.

Screenshots
If applicable, add screenshots to help explain your problem.

Extension (please complete the following information):

• Host: e.g. Azure DevOps
• Version 1.25.613

Additional context
Add any other context about the problem here.

[cyberblast]

I believe .azuredevops/dependabot.yaml is also reserved as dependabot config file path, same as .github/dependabot.yml. So maybe it is loading the wrong file as config?

[probststefan]

I am receiving the same error in my pipelines for several hours. Nothing was changed on my site. Maybe it's a problem with the current Dependabot release?

[probststefan]

Renaming my .azuredevops/dependabot.yaml to something else fixed the problem for me. Thank you, @cyberblast

[davidkarlsen]

@cyberblast that was it - thanks!

[mburumaxwell]

What name worked?

[davidkarlsen]

@mburumaxwell the pipeline yaml-file needs to be named anything else than dependabot.y[a]ml

[mburumaxwell]

That is quite strange. All the usages we have (and everyone else using the extension), has always been .github/dependabot.yml
It still works till today.
Is this something that was working in 1.24 the started failing in 1.25? Are you setting up afresh, making changes or working in a different branch?

[cyberblast]

Introduced in 1.25 with #905

[mburumaxwell]

Okay. Now I understand the issue is using the .azuredevops folder instead of .github. I had forgotten to add that one to the release notes, seeing it was an old change. How did you find out?

Anyway, The issue happens to be a missing forward slash which should be fixed by #924 and released (minor version) in about an hour or less.

[cyberblast]

No, I believe the issue was that they are indeed using .github/dependabot.yml as configuration file but also having a .azuredevops/dependabot.yaml containing the pipe definition to run the task. Due to the new change it seems to be now taking that file as configuration which obviously can't work with such content.

I simply searched for the error message of the OP and scrolled up a bit 😄

[mburumaxwell]

Interesting. Two issues solved then

[davidkarlsen]

No, I believe the issue was that they are indeed using .github/dependabot.yml as configuration file but also having a .azuredevops/dependabot.yaml containing the pipe definition to run the task. Due to the new change it seems to be now taking that file as configuration which obviously can't work with such content.

I simply searched for the error message of the OP and scrolled up a bit 😄

Exactly. This was our case.