YAML aliases

[prma85]

As an user, I would like to use YAML aliases to convert long code/configuration that repeats in simple one. Today, if you try to to it, you will get an error YAML aliases are not supported

I would like to convert

version: 1
update_configs:
    # Keep package.json up to date
  - package_manager: "javascript"
    directory: "/"
    update_schedule: "live"
    version_requirement_updates: "auto"
    allowed_updates:
        - match:
            dependency_type: "all"
            update_type: "all"
    automerged_updates:
        - match:
            dependency_type: "all"
            update_type: "semver:minor"

    # Also update the defaults
  - package_manager: "javascript"
    directory: "/__defaults"
    update_schedule: "live"
    version_requirement_updates: "auto"
    allowed_updates:
        - match:
            dependency_type: "all"
            update_type: "all"
    automerged_updates:
        - match:
            dependency_type: "all"
            update_type: "semver:minor"
`
``

into 
```yml
default: &DEFAULT
  - package_manager: "javascript"
    directory: "/"
    update_schedule: "live"
    version_requirement_updates: "auto"
    allowed_updates:
        - match:
            dependency_type: "all"
            update_type: "all"
    automerged_updates:
        - match:
            dependency_type: "all"
            update_type: "semver:minor"

version: 1
update_configs:
    <<: *DEFAULT

    # Also update the defaults
    <<: *DEFAULT
    directory: "/__defaults"

[feelepxyz]

@prma85 👋 thanks for the suggestion! We're holding off on supporting aliases until we know what will be supported in GitHub Actions workflow files. We're keen to keep these feature compatible so we can migrate towards actions in future.

[amthorn]

I'd like to request to reopen this one. yaml Aliases would be super useful for dependabot.

[tenpaiyomi]

Voicing my request for this as well. A simple alias can help me clean up 44 duplicate lines of code down into just 4 (plus the original alias block)

[TArch64]

Same here. YAML aliases are super useful

[ghost]

Vote at https://github.com/orgs/community/discussions/37496 (warming up this old issue as this is the first search-result)

[jeffwidman]

Yeah, this should be re-opened, it got missed back when we had stalebot a long time ago.

I'm not sure we'll do it... as noted above, we have some interest in moving to be more compatible with actions workflow files, but in the meantime this should stay open.

[jeffwidman]

If do ever implement this, note the warning from @greysteil:

it's surprisingly tricky to do in Ruby whilst avoiding the potential for DoS attacks from memory leaks.

[port19x]

[landongrindheim]

👋 Still not sure we'll do this, but this feature request deserves some context.

Dependabot has a backend service that parses the dependabot.yml config file and transforms it into a shape that can be used when Dependabot runs its update jobs. We've accrued quite a few ecosystems, which each have unique considerations. This parsing ends up being more complex than we'd like already, and introducing YAML aliases would make it more complex. Given that we have users with hundreds of configurations within a single file, the previously shared warning is a factor as well.

BUT I can share that we're currently running a public beta which introduces multi-directory support. While it may not satisfy the needs for all usecases mentioned in this thread, it should address the case in this issues description. That might look something like 👇 today.

version: 2
updates:
  - package-ecosystem: npm
    directories: 
      - "/"
      - "/__defaults"
    schedule:
      interval: daily
    allow:
      - dependency-type: all

[carlincherry]

Hi all 👋 , Dependabot PM here! Thank you for your suggestions and for contributing to the discussion. At this time, we won't be prioritizing this feature for the following reasons (thank you @landongrindheim for the summary above, to reiterate your comments):

• Complexity: Dependabot's backend service parses the dependabot.yml configuration file and transforms it for use in update jobs. Given the diverse ecosystems we support, each with unique considerations, the current parsing process is already quite complex. Introducing YAML aliases further complicates this already difficult process.

• Security: Implementing YAML aliases in Ruby presents significant challenges, particularly in avoiding potential DoS attacks due to memory leaks.

However, for some potential solves for issues mentioned in this thread, check out our multi-directory public beta!

We appreciate your understanding and thank you again for your feedback!

[lucasfcnunes]

@prma85

Shouldn't it be something like the following?

# ...
update_configs:
  - <<: *DEFAULT
  # Also update the defaults
  - <<: *DEFAULT
    directory: "/__defaults"

[aliaksandrb]

This is a bummer, most configs are repeatable and aliases supported by every stdib yaml parser I've used, including in Ruby
.
Bumping this up! :D