Skip to content

Add known case with monorepos #38273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update tag format guidance for GitHub Actions
Clarify tag format recommendations for GitHub Actions in monorepos.
  • Loading branch information
kbukum1 authored Jul 24, 2025
commit b273d6d5f581541e8cf94850c430471cb8f345ce
Original file line number Diff line number Diff line change
Expand Up @@ -49,18 +49,18 @@ If your repository already uses an integration for dependency management, you wi

If your repository contains multiple GitHub Actions (for example, in a monorepo), the tag format you use affects how {% data variables.product.prodname_dependabot %} detects and updates action versions.

- **Dash (-) separator (e.g. my-action-v0.1.0):**
- {% data variables.product.prodname_dependabot %} may incorrectly update multiple actions or fail to detect new versions. This occurs because {% data variables.product.prodname_dependabot %} relies on Git’s hierarchical tag structure (using slashes) to distinguish between actions.
- **Slash (`/`) separator (e.g., `my-action/v0.1.0`):**
- {% data variables.product.prodname_dependabot %} correctly detects and updates each action independently, as the slash creates a hierarchical tag that aligns with Git’s ref format rules.
- **Dash (-) separator (e.g., `@my-action-v0.1.0`):**
- {% data variables.product.prodname_dependabot %} may group multiple actions under a single dependency entry or fail to detect new versions correctly. This occurs because {% data variables.product.prodname_dependabot %} relies on slash-based tag parsing to distinguish between actions.
- **Slash (`/`) separator (e.g., `@my-action/v0.1.0`):**
- {% data variables.product.prodname_dependabot %} correctly detects and updates each action independently, as the slash creates a hierarchical tag structure that aligns with {% data variables.product.prodname_dependabot %}'s parsing logic.

**Example**:
**Example**:
```yaml
# Recommended: namespaced with slash
uses: my-org/my-action-a/v0.1.0
uses: my-org/monorepo/my-action@my-action/v0.1.0

# Not recommended: dash
uses: my-org/my-action-a-v0.1.0
uses: my-org/monorepo@my-action-v0.1.0
```

**Recommendation:**
Expand Down