Clarify what all sources are supported for Terraform Dependency Updates
What article on docs.github.com is affected?
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
What part(s) of the article would you like to see updated?
Terraform section.
Additional information
Terraform supports the following sources:
- Local paths
- Terraform Registry
- GitHub
- Bitbucket
- Generic Git, Mercurial repositories
- HTTP URLs
- S3 buckets
- GCS buckets
- Modules in Package Sub-directories
Out of these, it is very unclear which all are supported by Dependabot.
Update following discussion below
Answer
For anyone else with the same question, the answer was:
Dependabot can be used to manage version updates for dependencies that are stored in GitHub for all the supported package managers. In addition, for some package managers, you can include a `registries` section in your configuration file to allow access to private registries. This is supported for Terraform, see Configuration options for private registries.
If you need to access dependencies in git hosted by other services, like GitLab and BitBucket, you can add the `git` option to your `registries` section. See Configuration options for dependency updates.
Content design plan
"Supported repositories and ecosystems" section of About Dependabot version updates
- [ ] Update the introduction to mention that dependencies in private registries are also supported (similar to the mention of vendored dependencies).
- [ ] Update the link to the article with configuration options - link to both the `#vendor` anchor and also the `#registries` anchor.
"package-ecosystem" section of Configuration options for dependency updates
- [ ] Add a brief sentence, similar to that for `vendor` mentioning private registries and linking to `registries`.
"Configuration options for private registries" section of Configuration options for dependency updates
- [ ] Add a brief sentence to the first paragraph, mentioning that you can give Dependabot access to private package registries hosted by GitLab or Bitbucket by specifying a `type` of `git` and linking to `git`.
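The configuration the answer above describes, as an added example that is not part of the original issue or the GitHub docs: a `dependabot.yml` that gives the Terraform ecosystem access to a private Terraform registry and to modules in git on another host. The registry names, URLs, username and secret names are assumptions made up for illustration.

```yaml
# .github/dependabot.yml (added example; all names and URLs below are placeholders)
version: 2

registries:
  # Private Terraform registry, authenticated with an API token.
  terraform-private:              # hypothetical registry name
    type: terraform-registry
    url: https://terraform.example.com
    # Reference a Dependabot secret; never commit the token itself.
    token: ${{secrets.TERRAFORM_REGISTRY_TOKEN}}

  # Terraform modules sourced from git on a host other than GitHub.
  gitlab-modules:                 # hypothetical registry name
    type: git
    url: https://gitlab.com
    username: dependabot-reader   # hypothetical account name
    # Use a token limited to read-only repository access.
    password: ${{secrets.GITLAB_MODULES_TOKEN}}

updates:
  - package-ecosystem: "terraform"
    directory: "/"                # location of the .tf files
    schedule:
      interval: "weekly"
    # Only the registries listed here are available to this update job.
    registries:
      - terraform-private
      - gitlab-modules
```

The values referenced with `${{secrets.…}}` have to exist as Dependabot secrets on the repository or organization; Actions secrets with the same name are not visible to Dependabot.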
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
@captn3m0 Thanks so much for opening an issue! I'll triage this for the team to take a look :eyes:
@captn3m0 👋🏻
Dependabot can be used to manage version updates for dependencies that are stored in GitHub. You can also include a registries section in your configuration file to allow access to Terraform registries.
If you need to access dependencies in git hosted on other services, like GitLab and BitBucket, you can add the git option to your registries section. See Configuration options for dependency updates.
A note about Mercurial repos and S3 buckets not being supported would be nice.
I'm out of time today, but will come back to this issue and suggest a change to the docs to make this clearer when I get an opportunity. It's difficult to get the right balance in keeping a readable table as well as providing detailed information.
I've updated the issue summary with the information from our discussions and a plan for content changes to make the support clearer. I've also added a note to an internal issue so that when we next refactor these articles, we take your full feedback into account.
I'm having trouble understanding all this stuff driving me crazy