Organization-wide registries configuration in .github/dependabot.yml

[AdamVig]

To use Dependabot's support for private registries, it looks like we have to configure the registries option in dependabot.yml for every repository in our organization.

It would be nice if we could share this configuration across the entire organization by in our .github repository. Based on #1530 (comment), it seems this was planned:

When we support private registries in GitHub-native Dependabot, we will support organization-level configuration of private repositories.

I couldn't find any mention of this feature in the GitHub documentation. Is this already supported? If not, is this a feature that the team plans to implement?

[feelepxyz]

@AdamVig agreed! We're hoping to support this pattern and built the current implementation with that in mind. It will be some time before we get to it but we're planning to support it.

[asciimike]

See #3312 for another request for this.

[AraHaan]

Wait we can store workflows organization wide inside of a repository named .github with a workflows subdirectory inside it?

I did not know that one 👀.

I would do that with repository templates that I have them share the same files over and over (unless I want a specific repository to add specific task to a job that is in the organization level workflow.

[kierenj]

Just checking in to see if/where this might lie in terms of a roadmap. We'll probably add something too all our repositories.. unless this is about to land in the next few weeks/months!

[jurre]

It's something that we hope to investigate in next couple of weeks, but I can't make any firm commitments on when it would land. We're very interested in supporting something like this though!

[emtunc]

This would be super handy. Just came across a use-case for enabling private registry access across all our repos. Although I could quickly write some python to insert these files into repos, native support for a global dependabot config would be helpful!

[AraHaan]

I think it would be cool if there was an UI that shows up in our organization that will do this:

• deletes the .github/dependabot.yml file in all of our repositories (but merge their contents together into a single version in our .github repository.
• deletes all of the repository specific copies of our github actions workflows that are the same throughout all repositories and move them to the same .github repository (consolidations) excluding repositories which changes them even slightly. (In those repositories the changed file would override the version of it in the .github repository, but also act as if the other files in the .github repository were in the same repository.)
• Moves issue/pr templates/forms to the .github repository as well (when they are all the same as well) excluding repositories which changes them even slightly. (In those repositories the changed file would override the version of it in the .github repository, but also act as if the other files in the .github repository were in the same repository.)

Those are the blockers I face on me using a global .github repository for one of my organizations that has a ton of repos and allows me to consolidate them and also easily modify them (to where those changes can apply to all repositories in a single go).

[leifwalsh]

I'd be interested in this same feature, but with enterprise-wide configuration instead of organization-wide!

[yrsurya]

Do we have an ETA on this when can we expect it? super interested in this feature

[EdouardBavoux]

This would definitely be interesting for us too, it's a pain to align and maintain dependabot config in every repo.