Configuration for lerna + Dependabot

[nguyenalex836]

Discussed in https://github.com/github/docs/discussions/596

^{Originally posted by nrakochy October 16, 2020}
Hi there,

How can I configure Dependabot to bump versions for the lerna mono-repo manager?

I see that Dependabot supported this pre-acquisition, and I see strategies on the docs page for how this might work, but I am not sure what the yaml config would have to look like to support this.

Comments ----------------------------------------------------------------------------------------------------

feelepxyz
on Oct 20, 2020
nrakochy Dependabot preview and the GitHub-native version have the same level of lerna support.

Dependabot will fetch the referenced manifest files defined under packages in lerna.json but won't run lerna bootstrap to link any local/unpublished packages so you'll have to change all references to your local packages to file: paths. You can convert local dependencies to use file: imports with lerna link convert.

To configure dependabot native you only need to set up the package-ecosystem as npm (also applies to yarn) and set the directory to wherever your package.json, lockfile and lerna.json file are located.

.github/dependabot.yml:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"

1 reply
nrakochy
nrakochy
on Oct 20, 2020
Author
Excellent. Will give it a shot. Many thanks feelepxyz