Support GitHub Actions update in cookiecutter-level project leveraging Dependabot CLI

[jcfr]

Improve the CI pipeline by integrating a scheduled workflow that leverages the Dependabot CLI¹ to update dependencies within the cookiecutter project. The project’s .yml template files include Jinja2 directives like {% raw %} and {% endraw %}, which require special handling.

To achieve this, the update process can be done with the following stages:

• Identify Template Directives:
  • Detect lines in .yml file that contain the {% raw %} and {% endraw %} template Directives.
• Project Configuration:
  • Configure the project to support running the Dependabot CLI
• Execute Dependabot CLI
  • Run Dependabot CLI to update GitHub Actions dependencies within the configured project
• Reintegrate Template Changes:
  • Reintegrate the updated lines back into the .yml files while preserving the original template structure.
• Generate Pull Request:
  • Automatically generate a pull request with the updated .yml files.

This approach ensures the proper handling of templated files while keeping dependencies up-to-date

Footnotes

1. https://github.com/dependabot/cli ↩