| .. | ||
| dependadotnet.csproj | ||
| package-ignore.json | ||
| Program.cs | ||
| README.md | ||
Dependadotnet -- Generator for dependabot.yml for .NET
Dependadotnet generates Dependabot yaml files for GitHub repositories that contain .NET projects. Dependabot is a GitHub service for automatically updating dependencies listed in project files for various package managers, including NuGet.
Dependabot works out of the box if you have a solution (.sln) or project file (like .csproj) at the root of the repo. It also supports packages.config.
This tool is for repos that contain projects that are not discoverable from any one location. dotnet/samples is a good example of this case, and has a dependabot.yml (generated by this tool) that describes all projects within the repo.
Dependabot also supports specifying ranges of package versions that should be ignored as candidates for updates. The dependadotnet tool uses a database (source) that maps target frameworks to incompatible package versions, and generates dependabot manifests to match (example).
Install the tool
Use the following instructions to install dependadotnet
dotnet tool install -g dependadotnet
dependadotnet [repo-root]
You can uninstall the tool using the following command.
dotnet tool uninstall -g dependadotnet
Usage
dependadotnet [path-to-repo-root]
Alternatively, if you are in the repo root, you can use the following pattern to avoid needing to write the path:
dependadotnet .
The tool writes to stdout. The following pattern is recommended to generate the dependabot config file (assuming the .github directory exists):
dependadotnet . > .github\dependabot.yml