The logic to detect whether to configure package updates for most ecosystems, except for GitHub Actions and Terraform only appears to consider files in the root of the repository.
I found this after testing the action out on a .NET repository where the .csproj files are in subdirectories within the repository. The action generated a dependabot.yml file that only specified GitHub Actions updates.
Each file tested for should recurse through the repository to try and files (maybe within a configurable depth limit to reduce impact on rate limits) so that the generated file is a more accurate reflection of what should be configured.
The logic to detect whether to configure package updates for most ecosystems, except for GitHub Actions and Terraform only appears to consider files in the root of the repository.
I found this after testing the action out on a .NET repository where the
.csprojfiles are in subdirectories within the repository. The action generated adependabot.ymlfile that only specified GitHub Actions updates.Each file tested for should recurse through the repository to try and files (maybe within a configurable depth limit to reduce impact on rate limits) so that the generated file is a more accurate reflection of what should be configured.