[š§] Dependabot 0.14 problem with credentials for private nuget feed in azure devops pipeline
See original GitHub issueHi guys,
Can someone assist me with getting this into a dependabot.yml file? This is my current dependabot setup in pipeline
- task: dependabot@1
displayName: 'Run Dependabot'
inputs:
packageManager: 'nuget'
directory: '$(Dependabot.Directory)'
openPullRequestsLimit: '$(Dependabot.OpenPullRequestsLimit)'
milestone: $(Dependabot.Milestone)
setAutoComplete: true
mergeStrategy: '1'
gitHubAccessToken: '$(Dependabot.GitHubAccessToken)'
azureDevOpsAccessToken: '$(System.AccessToken)'
targetRepositoryName: '${{ variables.Repository }}'
extraEnvironmentVariables: 'DEPENDABOT_EXTRA_CREDENTIALS=[{"type":"nuget_feed","token":"$(VSS_NUGET_ACCESSTOKEN)","url":"https://pkgs.dev.azure.com/$(org)/$(project)/_packaging/$(feed)/nuget/v3/index.json"}]'
It took me hours to get this setup and now it is no longer supported by latest release.
The problem I got with ./github/dependabot.yml
file is that I need to declare variables inside of that file that are available in the pipeline like the "token":"$(VSS_NUGET_ACCESSTOKEN)"
I know that the task in pipeline now has to be something like this, with no inputsā¦
- task: dependabot@1
displayName: 'Run Dependabot'
I tried it few times and nothing works at the moment.
Can you provide me with a working example of the ./github/dependabot.yml
file for this scenario, please?
(with pipeline variables inside that file that work fine, and donāt tell me that now I need extra powershell to construct the damn config file)
Also, is there a way to force this task dependabot@1
to use specific version of the tinglesoftware/dependabot-azure-devops
? It seems to pick the latest on itās own.
Cheers!
Issue Analytics
- State:
- Created 8 months ago
- Comments:21 (10 by maintainers)
Top GitHub Comments
Hi guys, Sorry for late reply, a lot of other work came up. I have just tested this and it works perfectly fine on my end. I also thought Iād share my setup with anyone that wants a nice a clean setup for this.
Azure DevOps YAML Pipelines: Pipeline name must follow this pattern:
Dependabot - name.of.your.repo
Itās easy to setup, you create a template for pipeline and populate your repos with configs. Then just manage them form devops pipeline page via the name of your repo, and a one variables that you setup in the UI.
And the
/.github/dependabot.yml
Hi @mburumaxwell
-checkout
task, if you donāt checkout the repo the agent canāt access that repo even through the API to read the dependabot.yaml file.Thanks šš»