search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.53k stars 944 forks source link

Dependabot does not detect csproj files in repository #10145

Closed GeertvanHorrik closed 2 days ago

GeertvanHorrik commented 4 days ago

Is there an existing issue for this?

Package ecosystem

NuGet

Package manager version

6.8

Language version

N/A

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
registries:
  nuget-feed-default:
    type: nuget-feed
    url: https://api.nuget.org/v3/index.json

updates:
- package-ecosystem: github-actions
  directory: "/"
  schedule:
    interval: weekly

- package-ecosystem: nuget
  directory: "/"
  schedule:
    interval: daily
  open-pull-requests-limit: 10
  ignore:
  - dependency-name: "*Analyzers"
    versions:
    - ">= 0"
  registries:
  - nuget-feed-default

Updated dependency

None

What you expected to see, versus what you actually saw

I expect several dependencies to be updated, but none were detected.

Native package manager behavior

Updates are available.

Images of the diff or a link to the PR, issue, or logs

We use global.json to define the tooling versions. I seems that if we use this, dependabot cannot find any csproj files:

Part of logging:

updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli discover --repo-root /home/dependabot/dependabot-updater/repo --workspace / --output /tmp/.dependabot/discovery.json --verbose
updater | Discovering build files in workspace [/home/dependabot/dependabot-updater/repo].
updater |   Discovered [.config/dotnet-tools.json] file.
updater |   No global.json file found.
updater |   Discovering projects beneath [.].
updater |   No project files found.
updater |   Central Package Management is not enabled.
updater | Discovery complete.

Repository: https://github.com/catel/catel

A few things that could be of interest:

  1. We use wildcard dependencies (e.g. 8.0.*, but seems not the issue since it cannot even detect csproj files)
  2. We use disabled package sources (but that doesn't seem the issue, since it cannot even detect csproj files)
  3. We use global.json for tooling version (but that's just one of the things that should be updated)
  4. We use a combination of Directory.Build.props

Smallest manifest that reproduces the issue

No response

rhyskoedijk commented 3 days ago

@GeertvanHorrik does changing the directory from / to /src help? AFAIK the directory needs to contain a solution or project file. 

- package-ecosystem: nuget
  directory: "/src"

You might also be able to add multiple directories if you want it to check both dotnet-tools and your projects.

- package-ecosystem: nuget
  directories: 
    - "/"
    - "/src"
GeertvanHorrik commented 2 days ago

That works, thanks!

jeffwidman commented 2 days ago

Thanks @rhyskoedijk ! Appreciate you chiming in here. 🙇