add support for bun
#6528
Comments
any progress here? |
Bun v1 has been released, this is very much needed now. |
Surprised to not see any support on this yet. We're looking into moving our production applications to bun, however we make significant use of dependabot |
@brrygrdn @JamieMagee @jurre @greysteil Sorry for tagging you guys, but just wanted to ask if this is going to be worked on soon? |
Afraid I don't work on Dependabot anymore, or at GitHub! 🤞 you get some traction - in the past the best / easiest integrations have been when the package manager team themselves collaborated with the Dependabot team. |
Got ya! Thank you. @Jarred-Sumner Any chance you guys (the Bun team) could perhaps take a look at this? |
Hey @GrantBirki @jurre or @jakecoffman ... sorry to bother you, but is bun support planned for our beloved Dependabot ? Thanks :) |
Hey guys, if any of you are willing to migrate from Dependabot.. Renovate has already introduced Bun support within ONLY 2 days since they announced that they have begun working on it. Unfortunately, Dependabot usually takes anywhere from several months to years when it comes to implementing anything on the same level. |
@czj I do not work on the dependabot team here at GitHub but I let them know about this issue, thanks! |
Hi everyone, PM for Dependabot here. We do not currently have Bun support planned for Dependabot. We will post here if that changes. |
Thanks @carogalvin for clarifying. |
for packaging updating I have a repo with bun. It works for me nicely with |
@carogalvin is there a reason why? It's really disappointing to see this when dependabot is built into Github. We shouldn't need to switch to a third party like renovate for something like this. 😞 |
Yes, but the reasons aren't very satisfying I'm afraid :/
Nothing against bun, it seems like a great package manager getting a lot of traction, but unfortunately with lots of feature requests and limited people we have to be very particular with how we prioritize. I'm sure we'll end up adding support eventually. I would encourage everyone looking at this to keep 👍 'ing this issue, because it helps us to see how many people will be helped with this. |
We'd be happy to help with adding Bun support to Dependabot |
FWIW, until there is support at the Dependabot level, being able to losslessly import For example, if a project dumped both a |
@sambostock So we must have this feature of bun implemented oven-sh/bun#1751 (comment)? And also this feature: oven-sh/bun#6409 |
I've created a workflow, that runs whenever dependabot creates a pull request. It will execute I hope this helps someone!

```yaml
name: 'Dependabot: Update bun.lockb'
on: pull_request
permissions:
  contents: write  # the job pushes the amended commit back to the PR branch
jobs:
  update-bun-lockb:
    name: "Update bun.lockb"
    # Run only for pull request events triggered by Dependabot
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - uses: oven-sh/setup-bun@v1
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.ref }}
      # Regenerate the lockfile, fold it into Dependabot's commit and push it
      - run: |
          bun install
          git add bun.lockb
          git config --global user.name 'dependabot[bot]'
          git config --global user.email 'dependabot[bot]@users.noreply.github.com'
          git commit --amend --no-edit
          git push --force
```

Hint: This workflow, as written here, will only execute |
Thanks a lot @mstuercke ! That's awesome :-) To get rid of the skipped run status: You can change the "on" to have a "paths" condition:

```yaml
on:
  pull_request:
    paths:
      - "package.json"
```
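The workflow and the `paths` filter from the two comments above, combined into one file as an added example (not code posted in the thread). It assumes the repository already tracks `bun.lockb`; it keys the job on the pull request author instead of `github.actor`, and it skips the push when the lockfile did not change.

```yaml
# Added example, not from the thread. Assumes bun.lockb is tracked in the repo.
name: 'Dependabot: Update bun.lockb'
on:
  pull_request:
    paths:
      - "package.json"
permissions:
  contents: write  # required only for the push at the end of the job
jobs:
  update-bun-lockb:
    name: "Update bun.lockb"
    # github.actor is whoever triggered this particular run; the author
    # recorded on the pull request stays fixed for the life of the PR.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - uses: oven-sh/setup-bun@v1
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.ref }}
      - run: |
          bun install
          # Nothing to do when the install left the lockfile untouched.
          if git diff --quiet -- bun.lockb; then exit 0; fi
          git add bun.lockb
          # Repository-local identity; no need to touch the global git config.
          git config user.name 'dependabot[bot]'
          git config user.email 'dependabot[bot]@users.noreply.github.com'
          git commit --amend --no-edit
          # Refuse to overwrite the branch if it moved since checkout.
          git push --force-with-lease
```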
This has now been GA'd!!! 🥳 Check out the changelog. |
This enables Dependabot updates for our Bun examples. Ref https://github.blog/changelog/2025-02-13-dependabot-version-updates-now-support-the-bun-package-manager-ga/ Ref dependabot/dependabot-core#6528
@kristian-nst as a workaround you can add quotes around bun i.e 'bun' and |
Sharing a valid dependabot.yml

```yaml
version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "bun"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
```

I'm using on my repo modular-pets |
Works for me with |
…dabot See dependabot/dependabot-core#6528. Also temporarily deactivate check-jsonschema pre-commit, until python-jsonschema/check-jsonschema#528.
Does it update the Ideally, it would update the issue about the

Update 1: I'm going to try switching from this:

```yaml
version: 2
updates:
  - package-ecosystem: "bun"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
```

to this:

```yaml
version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
```

and see if it works - it looks like it might 🤞:

Update 2: Yeah looks like that fixed it for me at least: |
@Alex-ley-scrub I'm pretty sure you're supposed to have only one lock file format in the repo. |
@phaux - I don't disagree with you but we've been unable to move fully over to bun as a package manager until some tools were updated to support it. Dependabot was one of the last things we needed to support bun, so I'm hoping we can fully move over to bun as a package manager shortly. Dependabot does update all 3 lock files nicely once the That said, once this issue's closed, I would have expected Dependabot to update both the |
Is there an existing issue for this?
Feature description
https://bun.sh/ is quickly gaining traction and is now my preferred npm package manager.
It is faster than both `yarn` and `pnpm`, but the only thing left keeping me from moving to it for production use is the lack of support by dependabot or renovatebot.
Please add support for `bun install` and the `bun.lockb` lockfile.