use local to avoid excessive cloning

jakecoffman · jakecoffman · commit 57bb881d95c8 · 2025-05-05T09:57:21.000-05:00
diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml
@@ -28,8 +28,18 @@ jobs:
           # GITHUB_TOKEN shows an example of how Dependabot CLI can be used with secrets.
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          ./dependabot update -f .github/dependabot/go.yml --timeout 20m > result.jsonl || true
-          ./dependabot update -f .github/dependabot/bundler.yml --timeout 20m >> result.jsonl || true
+          # Run Dependabot CLI with options:
+          # -f: the path to the job input
+          # --local: use the cloned repo as input to avoid cloning again
+          # --timeout: the maximum time to wait for a job to finish
+          ./dependabot update \
+            -f .github/dependabot/go.yml \
+            --local . \
+            --timeout 20m >> result.jsonl || true
+          ./dependabot update \
+            -f .github/dependabot/bundler.yml \
+            --local . \
+            --timeout 20m >> result.jsonl || true
 
       - name: Upload result
         uses: actions/upload-artifact@v4
