Batch Dependabot updates per directories (Lombiq Technologies: OCORE-202)

[Piedone]

I hope this fixes #16729. This is speculative though, I'm not entirely sure, but following the logic of Dependabot's manifest limit, I think it should work. Grouping dependencies (like updating Microsoft.* ones in one group, then OpenIddict.* ones in another...) wouldn't help, I think, because the number of manifests would still be the same.

[sebastienros]

Looks good. Wondering if we could just tell it to update the Directory.packages.props instead of navigating all th csprojs

[Piedone]

I haven't found any indication that that would be possible.

OK then, let's see if this helps.

[Piedone]

Well, the syntax has some issue, because apparently, directory: "/src/OrchardCore" won't look into subdirectories: https://github.com/OrchardCMS/OrchardCore/actions/runs/11170531519/job/31053550016 Only directories can do that.

However, based on https://github.com/OrchardCMS/OrchardCore/actions/runs/11170531558/job/31053549983, even that wouldn't work well, because due to centralized package management, the dependencies are not defined in the given projects, and thus Dependabot can't update them when restricted to a directory (it won't know about Directory.packages in this case):

2024-10-03T22:21:36.6099971Z Package [GraphQL.MicrosoftDI] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/OrchardCore/OrchardCore.Admin.Abstractions/OrchardCore.Admin.Abstractions.csproj].
2024-10-03T22:21:36.6102787Z Updating project [/home/dependabot/dependabot-updater/repo/src/OrchardCore/OrchardCore.Apis.GraphQL.Abstractions/OrchardCore.Apis.GraphQL.Abstractions.csproj]

So, let's just try restricting it to Directory.packages.props and see what happens.

[Piedone]

I'll experiment with this in a fork though, since I don't want to merge failing PRs, but testing can only happen after the PR is merged.