maxmustermann/dotnet-core
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
dotnet-core/samples/dependadotnet/README.md
Maira Wenzel 545504e229 Replace master with main
2021-06-08 15:12:18 -07:00

37 lines
2.1 KiB
Markdown
Raw Blame History

# Dependadotnet -- Generator for dependabot.yml for .NET
Dependadotnet generates [Dependabot](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/keeping-your-dependencies-updated-automatically) yaml files for GitHub repositories that contain .NET projects. Dependabot is a GitHub service for automatically updating dependencies listed in project files for various package managers, including NuGet.
Dependabot works out of the box if you have a solution (`.sln`) or project file (like `.csproj`) at the root of the repo. It also supports `packages.config`.
This tool is for repos that contain projects that are [not discoverable from any one location](https://github.com/dependabot/feedback/issues/632). [dotnet/samples](https://github.com/dotnet/samples) is a good example of this case, and has a [dependabot.yml](https://github.com/dotnet/samples/blob/main/.github/dependabot.yml) (generated by this tool) that describes all projects within the repo.
Dependabot also supports specifying ranges of package versions that should be ignored as candidates for updates. The dependadotnet tool uses a [database](package-ignore.json) ([source](https://github.com/richlander/dependabot-data-processing)) that maps target frameworks to incompatible package versions, and generates dependabot manifests to match ([example](https://github.com/richlander/dependabot-dotnet-test-projects/blob/main/.github/dependabot.yml)).
## Install the tool
Use the following instructions to install [dependadotnet](https://www.nuget.org/packages/dependadotnet/)
```console
dotnet tool install -g dependadotnet
dependadotnet [repo-root]
```
You can uninstall the tool using the following command.
```console
dotnet tool uninstall -g dependadotnet
```
## Usage
`dependadotnet [path-to-repo-root]`
Alternatively, if you are in the repo root, you can use the following pattern to avoid needing to write the path:
`dependadotnet .`
The tool writes to stdout. The following pattern is recommended to generate the dependabot config file (assuming the `.github` directory exists):
`dependadotnet . > .github\dependabot.yml`
Reference in a new issue View git blame Copy permalink