Install and configure Dependabot for automated dependency updates in the project. Use when setting up a new dev environment, repository, adding dependency management, or asked to "install dependabot" or "set up automated updates".
Check if .github/dependabot.yml already exists in the project.
If .github/dependabot.yml does not already exist, create it.
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
Populate .github/dependabot.yml with the correct configuration for the project's dependencies. Here is a common use cases you will encounter (but this is listed just as an example, it is not exhaustive so refer to the "Additonal resources" if other dependencies are in scope):
package.json files. For each package.json file found, add an entry for npm dependencies in the .github/dependabot.yml file with the correct directory path to the package.json file. For example, if a package.json file is found in the root of the project, in a directory, and in a directory, the dependabot.yml file should have 3 entries for npm dependencies with the correct directory paths:clientcdkupdates:
- package-ecosystem: 'npm'
directory: '/'
schedule:
interval: 'daily'
- package-ecosystem: 'npm'
directory: '/cdk'
schedule:
interval: 'daily'
- package-ecosystem: 'npm'
directory: '/client'
schedule:
interval: 'daily'
Explain to the user why you chose the specific directory path for each entry in the dependabot.yml file and give links to specific documentation if available to further help them understand it's truly correct.