How to pass the Dependabot OPTIONS property to dependabot-script in an Azure DevOps Pipeline

Pre*_*Key 6 azure-devops dependabot dependabot-script

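After following guides like this one, I was able to run dependabot successfully against my Azure DevOps repository, and PRs are created automatically. The problem is that I need some customization, such as ignoring specific packages, which the dependabot documentation says can be done here, but it does not work.

Not sure if it is the way I am writing the options object or something else, but none of the values seem to be respected.

My Azure DevOps Pipeline looks like this: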

trigger:
- main

jobs:
- job: dependabot
  displayName: Dependabot Execution
  pool:
   vmImage: 'ubuntu-latest'

  variables:
    - name: DIRECTORY_PATH
      value: /MyApp/
    - name: PACKAGE_MANAGER
      value: nuget
    - name: PROJECT_PATH
      value: someDomain/someProject/_git/my-app
    - name: OPTIONS
      value: |
        {"ignore":[{"dependency-name":"NLog*"}]}
        # {"ignore_conditions":[{"dependency-name":"NLog*"}]} # also tried and did not work

  steps:
    - script: git clone https://github.com/dependabot/dependabot-script.git
      displayName: Clone Dependabot config repo

    - script: |
        cd dependabot-script
        docker build -t "dependabot/dependabot-script" -f Dockerfile .
      displayName: Build Dependabot Image

    - script: |
        docker run --rm -e AZURE_ACCESS_TOKEN='$(PAT)' \
                        -e GITHUB_ACCESS_TOKEN='$(GHPAT)' \
                        -e PACKAGE_MANAGER='$(PACKAGE_MANAGER)' \
                        -e PROJECT_PATH='$(PROJECT_PATH)' \
                        -e DIRECTORY_PATH='$(DIRECTORY_PATH)' \
                        -e OPTIONS='$(OPTIONS)' \
                        dependabot/dependabot-script
      displayName: Run Dependabot

Here is the output when the pipeline runs:

Running with options: {:ignore=>[{:"dependency-name"=>"NLog*"}]}
Fetching nuget dependency files for someDomain/someProject/_git/my-app
Parsing dependencies information
  - Updating NLog (from 5.1.0)… submitted
  - Updating System.Data.SqlClient (from 4.8.4)… submitted
Done
Finishing: Run Dependabot

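As you can see, 2 PRs were created, which is great, but NLog should have been ignored/skipped. I also tried other options, such as a commit message prefix, but none of them were picked up.

Any help is appreciated!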

小智 1

Another approach is to use the image created by tinglesoftware (https://github.com/tinglesoftware/dependabot-azure-devops). Just add the DEPENDABOT_IGNORE_CONDITIONS environment variable when starting the Docker image, for example:

- script: |
    docker pull ghcr.io/tinglesoftware/dependabot-updater
  displayName: Pull docker image
- script: |
    docker run --rm -i -e GITHUB_ACCESS_TOKEN='$(GHPAT)' \
                    -e DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=10 \
                    -e AZURE_ACCESS_TOKEN='$(PAT)' \
                    -e AZURE_ORGANIZATION='$(AZURE_ORGANIZATION)' \
                    -e AZURE_PROJECT='$(AZURE_PROJECT)' \
                    -e AZURE_REPOSITORY='$(AZURE_REPOSITORY)' \
                    -e DEPENDABOT_PACKAGE_MANAGER='$(PACKAGE_MANAGER)' \
                    -e DEPENDABOT_DIRECTORY='$(DIRECTORY_PATH)' \
                    -e DEPENDABOT_TARGET_BRANCH='$(BRANCH)' \
                    -e DEPENDABOT_IGNORE_CONDITIONS='[{"dependency-name":"dotnet/sdk","versions":[">= 7"]}]' \
                    ghcr.io/tinglesoftware/dependabot-updater
  displayName: Run Dependabot

You need to change the PROJECT_PATH variable to define the AZURE_ORGANIZATION, AZURE_PROJECT and AZURE_REPOSITORY variables.

I hope this helps.
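
As an added example (not part of the answer above and not code from either project): a pre-flight check that a pipeline step could run on the DEPENDABOT_IGNORE_CONDITIONS value before `docker run`. It rejects malformed JSON and lists which dependency names each pattern covers, so a wildcard broad enough to suppress updates you still want is visible. The function names, the case-insensitive `*` matching and the sample inputs are assumptions; `versions` entries are checked for shape only, not evaluated.

```python
import json
import re


def parse_ignore_conditions(raw):
    """Parse and structurally validate an ignore-conditions JSON string."""
    try:
        conditions = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Catches quoting damage and stray trailing lines (e.g. a '#' comment).
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(conditions, list):
        raise ValueError("expected a JSON array of condition objects")
    for i, cond in enumerate(conditions):
        if not isinstance(cond, dict) or not isinstance(cond.get("dependency-name"), str):
            raise ValueError(f"entry {i}: missing string 'dependency-name'")
        versions = cond.get("versions", [])
        if not (isinstance(versions, list) and all(isinstance(v, str) for v in versions)):
            raise ValueError(f"entry {i}: 'versions' must be a list of strings")
    return conditions


def matches(pattern, name):
    # Assumption: '*' is the only wildcard and matching ignores case.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name, flags=re.IGNORECASE) is not None


def preview(raw, dependency_names):
    """Map each dependency name to the conditions whose pattern covers it."""
    conditions = parse_ignore_conditions(raw)
    return {
        name: [c for c in conditions if matches(c["dependency-name"], name)]
        for name in dependency_names
    }


if __name__ == "__main__":
    # Constructed sample: the pattern from the question and the two
    # packages that appear in its pipeline log.
    sample = '[{"dependency-name":"NLog*"}]'
    for dep, hits in preview(sample, ["NLog", "System.Data.SqlClient"]).items():
        print(dep, "-> covered by", hits if hits else "nothing")
```
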