If you get a validation error when editing your config, you won't know if there's a problem until the next dependabot runs. Even if the cycle is long and the alarm is not set, it may be detected much later. This library allows you to find problems in the PR stage.

name: dependabot validate

on:
  pull_request:
    paths:
      - '.github/dependabot.yml'
      - '.github/workflows/dependabot-validate.yml'
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: marocchino/validate-dependabot@v3
        id: validate
      - uses: marocchino/sticky-pull-request-comment@v2
        if: always()
        with:
          header: validate-dependabot
          message: ${{ steps.validate.outputs.markdown }}

Required path of config file. Default ".github/dependabot.yml".

Required display on success. Default "✅dependabot config looks good 👍".

Required display on failure. Default "🚫 dependabot errors".

response body as json string

errors as markdown table

Feel free to report issues. 😃