Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Ignore is not used from config file

See original GitHub issue

When I try to specify ignores in my dependabot.yml file they’re not applied to the command.

.azuredevops/dependabot.yml:

version: 2

updates:
  - package-ecosystem: nuget
    directory: /
    target-branch: master
    ignore:
    - dependencyName: "Microsoft.Extensions.*"
      versions: ["5.*.*"]

run-dependabot.yml:

trigger: none

schedules:
- cron: "0 2 * * 0"
  always: true
  branches:
    include:
    - master
  batch: true
  displayName: Weekly

pool:
  vmImage: 'ubuntu-latest'

#variables:
#  DEPENDABOT_IGNORE: '[{"name": "Microsoft.Extensions.*", "versions": ["5.*.*"]}]'

steps:
- task: dependabot@1
  displayName: Run Dependabot
  inputs:
    useConfigFile: true
    packageManager: 'nuget'
    directory: /

Command run: /usr/bin/docker run --rm -i -e AZURE_HOSTNAME=dev.azure.com -e AZURE_ACCESS_TOKEN=*** -e AZURE_ORGANIZATION=*** -e AZURE_PROJECT=*** -e AZURE_REPOSITORY=*** -e DEPENDABOT_PACKAGE_MANAGER=nuget -e DEPENDABOT_DIRECTORY=/ -e DEPENDABOT_TARGET_BRANCH=master -e DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=5 tingle/dependabot-azure-devops:0.2

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:8 (4 by maintainers)

github_iconTop GitHub Comments

2reactions
Frederikbhcommented, Aug 16, 2021

It seems that NuGet is using * as wildcard instead of x. For reference, the following config file works:

version: 2

updates:
  - package-ecosystem: "nuget"
    directory: /
    target-branch: "master"
    ignore:
      - dependency-name: "Microsoft.Extensions.Configuration.Binder"
        versions: ["5.*"]
      - dependency-name: "Microsoft.Extensions.DependencyInjection"
        versions: ["5.*"]
      - dependency-name: "Microsoft.Extensions.Options"
        versions: ["5.*"]
      - dependency-name: "Microsoft.Extensions.Configuration.Json"
        versions: ["5.*"]
0reactions
Frederikbhcommented, Aug 11, 2021

Tried using a single line and still got this:

variables:
  DEPENDABOT_IGNORE_CONDITIONS: '[{"dependency-name": "Microsoft.Extensions.Configuration.Binder", "versions": ["5.x"]},{"dependency-name": "Microsoft.Extensions.DependencyInjection", "versions": ["5.x"]},{"\dependency-name": "Microsoft.Extensions.Options", "versions": ["5.x"]},{"dependency-name": "Microsoft.Extensions.Configuration.Json", "versions": ["5.x"]}]'


2021-08-11T06:35:43.0273842Z ##[section]Starting: Run Dependabot
2021-08-11T06:35:43.0283362Z ==============================================================================
2021-08-11T06:35:43.0283786Z Task         : Dependabot
2021-08-11T06:35:43.0284114Z Description  : Automatically update dependencies and vulnerabilities in your code
2021-08-11T06:35:43.0284417Z Version      : 1.5.141
2021-08-11T06:35:43.0284722Z Author       : Tingle Software
2021-08-11T06:35:43.0285093Z Help         : For help please visit https://github.com/tinglesoftware/dependabot-azure-devops
2021-08-11T06:35:43.0285548Z ==============================================================================
2021-08-11T06:35:43.4092086Z [command]/usr/bin/docker run --rm -i -e DEPENDABOT_PACKAGE_MANAGER=nuget -e DEPENDABOT_FAIL_ON_EXCEPTION=true -e DEPENDABOT_EXCLUDE_REQUIREMENTS_TO_UNLOCK= -e AZURE_PROTOCOL=https -e AZURE_HOSTNAME=dev.azure.com -e AZURE_ORGANIZATION=Inspari-Community -e AZURE_PROJECT=Inspari%20Core%20Library -e AZURE_REPOSITORY=Inspari%20Core%20Library -e AZURE_ACCESS_TOKEN=*** -e AZURE_SET_AUTO_COMPLETE=false -e DEPENDABOT_DIRECTORY=/ -e DEPENDABOT_TARGET_BRANCH=master -e DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=5 -e DEPENDABOT_IGNORE_CONDITIONS=[{"dependency-name": "Microsoft.Extensions.Configuration.Binder", "versions": ["5.x"]},{"dependency-name": "Microsoft.Extensions.DependencyInjection", "versions": ["5.x"]},{"\dependency-name": "Microsoft.Extensions.Options", "versions": ["5.x"]},{"dependency-name": "Microsoft.Extensions.Configuration.Json", "versions": ["5.x"]}] -e GITHUB_ACCESS_TOKEN=*** -e AZURE_AUTO_APPROVE_PR=false tingle/dependabot-azure-devops:0.5
2021-08-11T06:35:43.7415875Z Unable to find image 'tingle/dependabot-azure-devops:0.5' locally
2021-08-11T06:35:45.0860444Z 0.5: Pulling from tingle/dependabot-azure-devops
2021-08-11T06:35:45.0862048Z feac53061382: Already exists
...
2021-08-11T06:37:00.5909965Z 72c9e99967c5: Pull complete
2021-08-11T06:37:00.6011520Z Digest: sha256:629e24b3595b970299422de925ea1632535c166a788a1689623667c49c25f065
2021-08-11T06:37:00.6034113Z Status: Downloaded newer image for tingle/dependabot-azure-devops:0.5
2021-08-11T06:37:03.0027636Z warning: parser/current is loading parser/ruby27, which recognizes
2021-08-11T06:37:03.0029732Z warning: 2.7.4-compliant syntax, but you are running 2.7.1.
2021-08-11T06:37:03.0030610Z warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
2021-08-11T06:37:12.1133642Z GitHub access token has been provided.
2021-08-11T06:37:12.1135498Z Using hostname = 'dev.azure.com', protocol = 'https', port = '443'.
2021-08-11T06:37:12.1136106Z Using 'https://dev.azure.com:443/' as API endpoint
2021-08-11T06:37:12.1136831Z Fetching nuget dependency files for ***
2021-08-11T06:37:12.1137413Z Targeting 'master' branch under '/' directory
2021-08-11T06:37:12.1137758Z Parsing dependencies information
2021-08-11T06:37:12.1138130Z Checking if Microsoft.Extensions.Configuration.Binder 3.1.15 needs updating
2021-08-11T06:37:12.1138470Z Requirements to unlock own
2021-08-11T06:37:12.1138825Z Updating Microsoft.Extensions.Configuration.Binder from 3.1.15 to 5.0.0
2021-08-11T06:37:12.1139231Z Pull request for 3.1.15 already exists (#254) and does not need updating.
2021-08-11T06:37:12.1139715Z Checking if Microsoft.Extensions.DependencyInjection 3.1.15 needs updating
2021-08-11T06:37:12.1140068Z Requirements to unlock own
2021-08-11T06:37:12.1140404Z Updating Microsoft.Extensions.DependencyInjection from 3.1.15 to 5.0.2
2021-08-11T06:37:12.1140826Z Pull request for 3.1.15 already exists (#255) and does not need updating.
2021-08-11T06:37:12.1141461Z Checking if Microsoft.Extensions.Options 3.1.15 needs updating
2021-08-11T06:37:12.1141830Z Requirements to unlock own
2021-08-11T06:37:12.1142188Z Updating Microsoft.Extensions.Options from 3.1.15 to 5.0.0
2021-08-11T06:37:12.1142611Z Pull request for 3.1.15 already exists (#256) and does not need updating.
2021-08-11T06:37:12.1143027Z Checking if Newtonsoft.Json 13.0.1 needs updating
2021-08-11T06:37:12.1143379Z No update needed for Newtonsoft.Json 13.0.1
2021-08-11T06:37:12.1143743Z Checking if AutoFixture 4.17.0 needs updating
2021-08-11T06:37:12.1144081Z No update needed for AutoFixture 4.17.0
2021-08-11T06:37:12.1144488Z Checking if Microsoft.Extensions.Configuration.Json 3.1.17 needs updating
2021-08-11T06:37:12.1144870Z Requirements to unlock own
2021-08-11T06:37:12.1145230Z Updating Microsoft.Extensions.Configuration.Json from 3.1.17 to 5.0.0
2021-08-11T06:37:12.1145727Z Submitting Microsoft.Extensions.Configuration.Json pull request for creation. Seems PR is already present.
2021-08-11T06:37:12.1146161Z Checking if Moq 4.16.1 needs updating
2021-08-11T06:37:12.1146747Z No update needed for Moq 4.16.1
2021-08-11T06:37:12.1147066Z Checking if NUnit 3.13.2 needs updating
2021-08-11T06:37:12.1147405Z No update needed for NUnit 3.13.2
2021-08-11T06:37:12.1147876Z Checking if NUnit3TestAdapter 4.0.0 needs updating
2021-08-11T06:37:12.1148236Z No update needed for NUnit3TestAdapter 4.0.0
2021-08-11T06:37:12.1148622Z Checking if Microsoft.NET.Test.Sdk 16.10.0 needs updating
2021-08-11T06:37:12.1149003Z No update needed for Microsoft.NET.Test.Sdk 16.10.0
2021-08-11T06:37:12.1149312Z Done
2021-08-11T06:37:12.2975871Z ##[section]Finishing: Run Dependabot
Read more comments on GitHub >

github_iconTop Results From Across the Web

Prettier vscode extension ignoring config files
The extension seems to ignore the config file completely. A collegue has the extension and it works fine with config files. And in...
Read more >
How to ignore config files without adding them to .gitignore?
A gitignore file specifies intentionally untracked files that Git should ignore. Files already tracked by Git are not affected; see the NOTES ...
Read more >
Ignore Files - ESLint - Pluggable JavaScript Linter
A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.
Read more >
Config Ignore
Ever experienced that your site's configuration was overridden, by the configuration on the file system, when running a drush cim ? Not anymore!...
Read more >
Sometimes the ignore.conf does not work
If you checkin the ignore.conf or not is not relevant for the behavior. "ignore.conf" is used to configure ignore rules for not commited...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Mismatch between Dependabot API and Azure DevOps API - Pull request cannot be activated

Next page

API rate limit exceeded