dotnet-core/samples/dependadotnet/README.md

# Dependadotnet -- Generator for dependabot.yml for .NET

Dependadotnet generates [Dependabot](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/keeping-your-dependencies-updated-automatically) yaml files for GitHub repositories that contain .NET projects. Dependabot is a GitHub service for automatically updating dependencies listed in project files for various package managers, including NuGet.

Dependabot works out of the box if you have a solution (`.sln`) or project file (like `.csproj`) at the root of the repo. It also supports `packages.config`.

This tool is for repos that contain projects that are [not discoverable from any one location](https://github.com/dependabot/feedback/issues/632). [dotnet/samples](https://github.com/dotnet/samples) is a good example of this case, and has a [dependabot.yml](https://github.com/dotnet/samples/blob/main/.github/dependabot.yml) (generated by this tool) that describes all projects within the repo.

Dependabot also supports specifying ranges of package versions that should be ignored as candidates for updates. The dependadotnet tool uses a [database](package-ignore.json) ([source](https://github.com/richlander/dependabot-data-processing)) that maps target frameworks to incompatible package versions, and generates dependabot manifests to match ([example](https://github.com/richlander/dependabot-dotnet-test-projects/blob/main/.github/dependabot.yml)).

## Install the tool

Use the following instructions to install [dependadotnet](https://www.nuget.org/packages/dependadotnet/)

```console
dotnet tool install -g dependadotnet
dependadotnet [repo-root]
```

You can uninstall the tool using the following command.

```console
dotnet tool uninstall -g dependadotnet
```

## Usage

`dependadotnet [path-to-repo-root]`

Alternatively, if you are in the repo root, you can use the following pattern to avoid needing to write the path:

`dependadotnet .`

The tool writes to stdout. The following pattern is recommended to generate the dependabot config file (assuming the `.github` directory exists):

`dependadotnet . > .github\dependabot.yml`
Update README.md 2020-11-12 05:59:02 +01:00			`# Dependadotnet -- Generator for dependabot.yml for .NET`
Add dependadotnet tool (#5578) * Add dependadotnet tool * Update comments * Add README.md * Update dependabot link * Add space * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update method Co-authored-by: Bill Wagner <wiwagn@microsoft.com> 2020-11-12 03:49:13 +01:00
Update package-ignore.json URL 2020-11-25 06:59:25 +01:00			`Dependadotnet generates [Dependabot](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/keeping-your-dependencies-updated-automatically) yaml files for GitHub repositories that contain .NET projects. Dependabot is a GitHub service for automatically updating dependencies listed in project files for various package managers, including NuGet.`
Add dependadotnet tool (#5578) * Add dependadotnet tool * Update comments * Add README.md * Update dependabot link * Add space * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update method Co-authored-by: Bill Wagner <wiwagn@microsoft.com> 2020-11-12 03:49:13 +01:00
Update package-ignore.json URL 2020-11-25 06:59:25 +01:00			Dependabot works out of the box if you have a solution (`.sln`) or project file (like `.csproj`) at the root of the repo. It also supports `packages.config`.
Add dependadotnet tool (#5578) * Add dependadotnet tool * Update comments * Add README.md * Update dependabot link * Add space * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update method Co-authored-by: Bill Wagner <wiwagn@microsoft.com> 2020-11-12 03:49:13 +01:00
Replace master with main 2021-06-09 00:12:18 +02:00			`This tool is for repos that contain projects that are [not discoverable from any one location](https://github.com/dependabot/feedback/issues/632). [dotnet/samples](https://github.com/dotnet/samples) is a good example of this case, and has a [dependabot.yml](https://github.com/dotnet/samples/blob/main/.github/dependabot.yml) (generated by this tool) that describes all projects within the repo.`
Add dependadotnet tool (#5578) * Add dependadotnet tool * Update comments * Add README.md * Update dependabot link * Add space * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update method Co-authored-by: Bill Wagner <wiwagn@microsoft.com> 2020-11-12 03:49:13 +01:00
Update package-ignore.json URL 2020-11-25 06:59:25 +01:00			`Dependabot also supports specifying ranges of package versions that should be ignored as candidates for updates. The dependadotnet tool uses a [database](package-ignore.json) ([source](https://github.com/richlander/dependabot-data-processing)) that maps target frameworks to incompatible package versions, and generates dependabot manifests to match ([example](https://github.com/richlander/dependabot-dotnet-test-projects/blob/main/.github/dependabot.yml)).`

Add dependadotnet tool (#5578) * Add dependadotnet tool * Update comments * Add README.md * Update dependabot link * Add space * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update samples/dependadotnet/Program.cs Co-authored-by: Bill Wagner <wiwagn@microsoft.com> * Update method Co-authored-by: Bill Wagner <wiwagn@microsoft.com> 2020-11-12 03:49:13 +01:00			`## Install the tool`

			`Use the following instructions to install [dependadotnet](https://www.nuget.org/packages/dependadotnet/)`

			```console
			`dotnet tool install -g dependadotnet`
			`dependadotnet [repo-root]`
			```

			`You can uninstall the tool using the following command.`

			```console
			`dotnet tool uninstall -g dependadotnet`
			```

			`## Usage`

			`dependadotnet [path-to-repo-root]`

			`Alternatively, if you are in the repo root, you can use the following pattern to avoid needing to write the path:`

			`dependadotnet .`

			The tool writes to stdout. The following pattern is recommended to generate the dependabot config file (assuming the `.github` directory exists):

			`dependadotnet . > .github\dependabot.yml`