1

I have Spark jobs, and I use the Scala build tool (build.sbt) for dependency management and for creating the jar file. I also have CI and GitHub Actions already configured. Now I am trying to use Dependabot to generate and create PRs for sbt dependency versions, but the problem is that dependabot.yml does not support sbt in the package ecosystem. Any idea how to solve this problem?

For example:

scalaVersion := "2.12.13"
libraryDependencies ++= Seq(
  "org.mongodb.spark" %% "mongo-spark-connector" % "3.0.1",
  "org.apache.spark" %% "spark-core" % "3.0.1",
  "org.apache.spark" %% "spark-sql" % "3.0.1"
)

I want to use dependabot.yml to create a PR when the versions are outdated.

Gaël J
MuGh
    Renovate works quite nicely and you can use it also locally, not only on GitHub. With many managers and languages. – Gaël J May 25 '23 at 16:06

2 Answers

1

You can use Scala Steward. There's support for it in this GitHub Action.

stefanobaghino
1

You have the article SECURE THE DEPENDENCIES OF YOUR SCALA PROJECT ON GITHUB from Scala Center. It says that they released a GitHub Action to check sbt dependency submission. It also says in the same post that it's in beta, but if you check the repo they have different releases (latest today is v2.1.2). I haven't tried it yet.

The other tool you have is Scala Steward. It's a tool that lets you inspect your project and automatically generates PRs if there is a new release of a dependency you have.

Gastón Schabas
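A workflow for the sbt dependency submission action mentioned in the answer above, as an added example that is not part of either answer or of the Scala Center article. It submits the sbt dependency graph to GitHub so that Dependabot alerts can cover the `build.sbt` dependencies; it does not open version-bump PRs. The file name, branch name and Java version are assumptions.

```yaml
# Added example: .github/workflows/dependency-graph.yml (file name is an assumption)
name: Update Dependency Graph

on:
  push:
    branches:
      - main   # assumption: the default branch is "main"

# Least privilege: the workflow token gets only the scope needed to
# submit the dependency graph, instead of the repository default.
permissions:
  contents: write

jobs:
  dependency-graph:
    name: Submit sbt dependency graph
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # A JDK and sbt must be on the runner before the submission step
      # can resolve the build.
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '11'   # assumption: any JDK supported by the build

      - uses: sbt/setup-sbt@v1

      # Resolves the build's dependencies (direct and transitive) and
      # submits them through the dependency submission API.
      - uses: scalacenter/sbt-dependency-submission@v2
```

Dependabot alerts must also be enabled in the repository's security settings for the submitted graph to produce alerts.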