Allow selecting dependabot-core branch when regenerating smoke tests

kbukum1 · Copilot · kbukum1 · commit 1f5a02c3f0e6 · 2026-03-06T16:25:36.000-06:00
Add an optional 'core-branch' input to the Regenerate Test workflow that
lets developers specify a dependabot-core branch name. The workflow
resolves the branch to a commit SHA, maps the test name to the correct
ecosystem image suffix, and passes --updater-image to the CLI.

This enables developers to regenerate smoke tests against their
dependabot-core PR before it merges to main.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/.github/workflows/regenerate-test.yml b/.github/workflows/regenerate-test.yml
@@ -1,4 +1,6 @@
-# Regenerates a single test file and creates a PR for review
+# Regenerates a single test file and creates a PR for review.
+# Optionally accepts a dependabot-core branch name to use a custom updater image
+# built from that branch, enabling smoke test updates before merging core PRs.
 name: Regenerate Test
 
 on:  # yamllint disable-line rule:truthy
@@ -8,6 +10,10 @@ on:  # yamllint disable-line rule:truthy
         description: 'Test name to regenerate (e.g. npm, bundler, go, etc.)'
         required: true
         type: string
+      core-branch:
+        description: 'dependabot-core branch to use (leave empty for latest release)'
+        required: false
+        type: string
 
 permissions:
   contents: write
@@ -42,12 +48,78 @@ jobs:
           echo "$GITHUB_WORKSPACE" >> $GITHUB_PATH
           ./dependabot --version
 
+      - name: Resolve updater image
+        id: resolve_image
+        if: inputs.core-branch != ''
+        run: |
+          # Map test names to ecosystem image suffixes
+          declare -A ECOSYSTEM_MAP=(
+            ["actions"]="github-actions"
+            ["bundler"]="bundler"
+            ["cargo"]="cargo"
+            ["composer"]="composer"
+            ["devcontainers"]="devcontainers"
+            ["docker"]="docker"
+            ["dotnet-sdk"]="dotnet-sdk"
+            ["elm"]="elm"
+            ["go"]="gomod"
+            ["gradle"]="gradle"
+            ["hex"]="mix"
+            ["maven"]="maven"
+            ["npm"]="npm"
+            ["nuget"]="nuget"
+            ["pub"]="pub"
+            ["python"]="pip"
+            ["rust-toolchain"]="rust-toolchain"
+            ["submodules"]="gitsubmodule"
+            ["swift"]="swift"
+            ["terraform"]="terraform"
+            ["vcpkg"]="vcpkg"
+          )
+
+          # Extract base test name (e.g. npm-group-rules -> npm, dotnet-sdk-security -> dotnet-sdk)
+          TEST="${{ inputs.test }}"
+          ECOSYSTEM=""
+          for key in "${!ECOSYSTEM_MAP[@]}"; do
+            if [[ "$TEST" == "$key" || "$TEST" == "$key"-* ]]; then
+              # Pick the longest matching key
+              if [ ${#key} -gt ${#ECOSYSTEM} ]; then
+                ECOSYSTEM="${ECOSYSTEM_MAP[$key]}"
+                MATCH="$key"
+              fi
+            fi
+          done
+
+          if [ -z "$ECOSYSTEM" ]; then
+            echo "Error: Could not determine ecosystem for test '$TEST'"
+            echo "Supported base test names: ${!ECOSYSTEM_MAP[*]}"
+            exit 1
+          fi
+          echo "Matched test '$TEST' to ecosystem '$ECOSYSTEM' (via key '$MATCH')"
+
+          # Get the latest commit SHA from the dependabot-core branch
+          BRANCH="${{ inputs.core-branch }}"
+          SHA=$(gh api repos/dependabot/dependabot-core/commits/"$BRANCH" --jq .sha)
+          if [ -z "$SHA" ]; then
+            echo "Error: Could not resolve branch '$BRANCH' in dependabot/dependabot-core"
+            exit 1
+          fi
+          echo "Resolved branch '$BRANCH' to SHA: $SHA"
+
+          IMAGE="ghcr.io/dependabot/dependabot-updater-${ECOSYSTEM}:${SHA}"
+          echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
+          echo "Using updater image: $IMAGE"
+
       - name: Regenerate test
         env:
           LOCAL_GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           TEST_FILE="tests/smoke-${{ inputs.test }}.yaml"
-          script/regen.sh "$TEST_FILE" || true
+          EXTRA_ARGS=""
+          if [ -n "${{ steps.resolve_image.outputs.image }}" ]; then
+            EXTRA_ARGS="--updater-image=${{ steps.resolve_image.outputs.image }}"
+          fi
+          dependabot test -f "$TEST_FILE" -o "$TEST_FILE" $EXTRA_ARGS || true
 
       - name: Check for changes
         id: check_changes
@@ -77,12 +149,18 @@ jobs:
           git commit -m "Regenerate ${{ inputs.test }} test"
           git push origin "$BRANCH_NAME"
 
+          CORE_BRANCH_NOTE=""
+          if [ -n "${{ inputs.core-branch }}" ]; then
+            CORE_BRANCH_NOTE=$'\n**dependabot-core branch:** `${{ inputs.core-branch }}`'
+            CORE_BRANCH_NOTE+=$'\n**Updater image:** `${{ steps.resolve_image.outputs.image }}`\n'
+          fi
+
           PR_BODY=$(cat <<EOF
           This PR regenerates the \`${{ inputs.test }}\` test file.
 
           **Test regenerated:** \`$TEST_FILE\`
-
-          The test was regenerated using \`script/regen.sh\` to update it with the latest dependency information.
+          ${CORE_BRANCH_NOTE}
+          The test was regenerated using \`dependabot test\` to update it with the latest dependency information.
 
           Please review the changes to ensure they are expected.
           EOF
