dependabot: Error : .github#L1 No event triggers defined in `on`

Question

I'm trying to setup dependabot on a Github repo.

Here's my config file:

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10

I'm getting the following error:

Annotations
1 error
Error : .github#L1
No event triggers defined in `on`

This error can occur in case of parsing error. But I adapted this file from a copy-paste of an example in the docs. Besides, I validated the yaml file with a validation tool.

Any idea what I'm doing wrong?

That error suggests it's being parsed as an _actions_ file (which is what the linked question is about); you've put `dependabot.yml` in `.github/workflows/` not just `.github/`. — jonrsharpe, Oct 05 '21 at 08:17
See [here](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates): "You must store this file in the `.github` directory of your repository." — Benjamin W., Oct 05 '21 at 08:26
Oh boy. Glad I asked, cause I could have been searching for a looooong time. I think I was tricked by vim because there was already a workflows directory in .github and nothing else so when creating the dependabot file it ended up in workflows. — Jérôme, Oct 05 '21 at 09:01

score 12 · Accepted Answer · answered Oct 07 '21 at 14:38

12

GitHub parses dependabot.yml as an action file because I put it in .github/workflows/ by mistake.

It should be .github/dependabot.yml.

answered Oct 07 '21 at 14:38

Jérôme

1

This is such a common mistake you'd think Github would show a warning or something – ScottishTapWater Jun 16 '22 at 23:40

1 Answers1