.NET - supporting .nuspec and Directory.Build.props? #1182
Comments
|
Any progress on this? 😄 |
|
We already fetch |
|
And more generally, thanks for opening this @skolima, and for all your work on NuKeeper. I'm super keen to get to feature parity, but we're still a tiny team on Dependabot (we don't have much additional resource from GitHub yet and have a lot of additional work integrating directly into GitHub and dealing with a 1000x scale increase). We'll definitely get to this and PRs are very appreciated (although I understand not easy since Dependabot Core is in Ruby). |
|
Update regarding the Repro repository: skolima/dependabot-props-problem#3 |
|
Good catch! Fixed by 55aab50. Thanks for the heads up. |
infin8x
added
F: language-support
|
@greysteil, is this issue still open as there's more to be done or can it be closed? |
|
I think there's more to be done - the fix commit I mentioned above was for a small issue @skolima pointed out, not the full details of the issue body. I don't work on Dependabot anymore (these days I'm a product manager for code security at GitHub, which is pretty much all our security stuff except dependency related things), but you're in safe hands with |
|
Thank you, @greysteil. @feelepxyz, could you please confirm that Depedabot respects |
|
@SeanFeldman dependabot should fetch and update |
|
Right. Perhaps considering an update to the issue description to have a list with |
|
I'm not sure if i should open a new issue for this, but feel free to point me in the correct direction, i posted it here since this issue seems to be connected to the usability of I have this repository that has the following structure:
And inside the OpenCar folder a .csproj:
ive configured the following dependabot.yml file with the structure: version: 2
updates:
- package-ecosystem: "nuget"
directory: "/OpenCar" #OpenCar.csproj
schedule:
interval: "weekly"
day: "monday"
commit-message:
prefix: "deps"
open-pull-requests-limit: 5
labels:
- "dependencies"
- package-ecosystem: "nuget"
directory: "." #Directory.build.props
schedule:
interval: "weekly"
day: "saturday"
commit-message:
prefix: "deps"
open-pull-requests-limit: 5
labels:
- "dependencies"For the csproj it works as intended, but for reading the
Which would exclude the .props file from being used as a proper entry file. |
|
I had the same issue as @Jaxelr . Dependabot only bumps I came up with following workaround but I find it inconvinent: open-telemetry/opentelemetry-dotnet-instrumentation#698 Can you also bump packages in |
Related to #541 , there's two more files related to NuGet updates:
.nuspecandDirectory.Build.props. Would you consider updating those as well in the future?Disclosure: I'm one of the devs at https://github.com/NuKeeperDotNet/NuKeeper , and I think it's awesome dependabot got acquired by GitHub and it would be amazing to have feature parity 😄 Unfortunately, my Ruby skills are nonexistent, I'd be more than happy to answer any obscure NuGet/.NET/MSBuild questions.
So:
.nuspec: this is the file describing how a NuGet package is published from a project. The "modern" .NET projects using<PackageReference/>format will generally have.nuspecgenerated automatically and there will be nothing to update. The older projects might have a version range specified there (not that common, AFAIK) or a fixed version, in line with what is inpackages.config. In that last case, this file would need to be updated to stay in sync withpackages.config.MSDN
.nuspecfile referenceNuKeeper
.nuspecupdate codeDirectory.Build.propson the other hand is relevant only to the "modern" project format: it's a file automatically merged with every project in its folder and subfolders. Quite useful for specifying things like compilation settings, copyrights, versions - and shared references, like analyzers. This file can be updated (and has the same syntax) as a.csproj.MSDN introduction (rather barebones)
Sample use with shared build analyzer settings
NuKeeper
Directory.Build.propsupdate codeThe text was updated successfully, but these errors were encountered: