From 11bbe78a75353805a648addb501c1ac3ca5022c7 Mon Sep 17 00:00:00 2001
From: Dimitris Sotirakis <dimitrios.sotirakis@grafana.com>
Date: Wed, 14 May 2025 15:50:38 +0300
Subject: [PATCH 1/2] Add known case with monorepos

For monorepos, tag separated tags don't work with dependabot. Instead, slash separated tags are needed
---
 .../supported-ecosystems-and-repositories.md  | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md
index ce6920d47f02..d6d3d45f5912 100644
--- a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md
+++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md
@@ -44,3 +44,24 @@ You can configure updates for repositories that contain a dependency manifest or
 If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see [AUTOTITLE](/get-started/exploring-integrations/about-integrations).{% endif %}
 
 {% data reusables.dependabot.supported-package-managers %}
+
+### Known issue: Tag format for GitHub Actions in monorepos
+
+If your repository contains multiple GitHub Actions (for example, in a monorepo), the tag format you use affects how {% data variables.product.prodname_dependabot %} detects and updates action versions.
+
+- **Dash (-) separator (e.g. my-action-v0.1.0):**
+  - Dependabot may incorrectly update multiple actions or fail to detect new versions.
+- **Slash (`/`) separator (e.g., `my-action/v0.1.0`):**
+  - Dependabot correctly detects and updates each action independently
+
+ **Example**:
+```yaml
+# Recommended: namespaced with slash
+uses: my-org/my-action-a/v0.1.0
+
+# Not recommended: dash
+uses: my-org/my-action-a-v0.1.0
+```
+
+**Recommendation:**  
+For monorepos with multiple actions, use the `name/version` (slash) format for action tags to ensure accurate {% data variables.product.prodname_dependabot %} updates.

From 6d7770e8c9d30ec6fc7c20cfabf6dade8c10a811 Mon Sep 17 00:00:00 2001
From: Dimitris Sotirakis <dimitrios.sotirakis@grafana.com>
Date: Wed, 14 May 2025 16:06:46 +0300
Subject: [PATCH 2/2] Add git-ref bits

---
 .../supported-ecosystems-and-repositories.md                | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md
index d6d3d45f5912..5785be5e05ce 100644
--- a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md
+++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md
@@ -50,9 +50,9 @@ If your repository already uses an integration for dependency management, you wi
 If your repository contains multiple GitHub Actions (for example, in a monorepo), the tag format you use affects how {% data variables.product.prodname_dependabot %} detects and updates action versions.
 
 - **Dash (-) separator (e.g. my-action-v0.1.0):**
-  - Dependabot may incorrectly update multiple actions or fail to detect new versions.
+  - {% data variables.product.prodname_dependabot %} may incorrectly update multiple actions or fail to detect new versions. This occurs because {% data variables.product.prodname_dependabot %} relies on Git’s hierarchical tag structure (using slashes) to distinguish between actions.
 - **Slash (`/`) separator (e.g., `my-action/v0.1.0`):**
-  - Dependabot correctly detects and updates each action independently
+  - {% data variables.product.prodname_dependabot %} correctly detects and updates each action independently, as the slash creates a hierarchical tag that aligns with Git’s ref format rules.
 
  **Example**:
 ```yaml
@@ -64,4 +64,4 @@ uses: my-org/my-action-a-v0.1.0
 ```
 
 **Recommendation:**  
-For monorepos with multiple actions, use the `name/version` (slash) format for action tags to ensure accurate {% data variables.product.prodname_dependabot %} updates.
+For monorepos with multiple actions, use the `name/version` (slash) format for action tags. This ensures {% data variables.product.prodname_dependabot %} can parse the tag hierarchy correctly and update actions independently.