Update package-ignore.json URL
This commit is contained in:
parent
b5ca8283de
commit
809105d439
|
@ -39,7 +39,7 @@ WriteLine(topMatter);
|
|||
|
||||
|
||||
// will change this location in a subsequent update
|
||||
string packagesJsonUrl = "https://gist.githubusercontent.com/richlander/b6e9d0a2550396813c8899dc8b20748d/raw/e4547e94c16e6b0a7749f33c20f981afe5de9188/packages.json";
|
||||
string packagesJsonUrl = "https://raw.githubusercontent.com/dotnet/core/b5ca8283def279b20eced6c0b14c4634659cd6eb/samples/dependadotnet/package-ignore.json";
|
||||
Dictionary<string, string[]> packageIgnore = await GetPackagesInfo(packagesJsonUrl);
|
||||
string validPackageReference = @"PackageReference.*Version=""[0-9]";
|
||||
string packageReference = @"PackageReference Include=""";
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
# Dependadotnet -- Generator for dependabot.yml for .NET
|
||||
|
||||
[Dependabot](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/keeping-your-dependencies-updated-automatically) is a GitHub service for automatically updating dependencies listed in project files for various package managers, including NuGet.
|
||||
Dependadotnet generates [Dependabot](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/keeping-your-dependencies-updated-automatically) yaml files for GitHub repositories that contain .NET projects. Dependabot is a GitHub service for automatically updating dependencies listed in project files for various package managers, including NuGet.
|
||||
|
||||
Dependabot works out of the box if you have a solution (`.sln`) or project file (like `.csproj`) at the root or other (singular) location. It also supports `packages.config`.
|
||||
Dependabot works out of the box if you have a solution (`.sln`) or project file (like `.csproj`) at the root of the repo. It also supports `packages.config`.
|
||||
|
||||
This tool is for repos that contain projects that are [not discoverable from any one location](https://github.com/dependabot/feedback/issues/632). [dotnet/samples](https://github.com/dotnet/samples) is a good example of this case, and has a [dependabot.yml](https://github.com/dotnet/samples/blob/master/.github/dependabot.yml) (generated by this tool) that describes all projects within the repo.
|
||||
|
||||
Dependabot also supports specifying ranges of package versions that should be ignored as candidates for updates. The dependadotnet tool uses a [database](package-ignore.json) ([source](https://github.com/richlander/dependabot-data-processing)) that maps target frameworks to incompatible package versions, and generates dependabot manifests to match ([example](https://github.com/richlander/dependabot-dotnet-test-projects/blob/main/.github/dependabot.yml)).
|
||||
|
||||
## Install the tool
|
||||
|
||||
Use the following instructions to install [dependadotnet](https://www.nuget.org/packages/dependadotnet/)
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Nullable>enable</Nullable>
|
||||
|
||||
<Description>A simple .NET Core tool for generating Dependabot config for .NET.</Description>
|
||||
<VersionPrefix>1.0.3</VersionPrefix>
|
||||
<VersionPrefix>1.0.4</VersionPrefix>
|
||||
<Authors>Richard Lander</Authors>
|
||||
<PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
|
||||
<PackageLicenseExpression>MIT</PackageLicenseExpression>
|
||||
|
|
|
@ -2330,5 +2330,6 @@
|
|||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
],
|
||||
"count": 131
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue