dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Add support for Azure Pipelines YAML file #6529

Open jessehouwing opened 1 year ago

jessehouwing commented 1 year ago

Feature description

Azure Pipelines YAML files contain references to tasks in the form of:

steps:
  - task: taskidentifier@version

While Azure Pipelines will auto update to the latest minor version of each task, it won't do updates to new major versions and has no signal to the pipeline author to indicate they're behind.

We've already implemented a partial version of this based on the GitHub Actions code, which is very similar, and this turns out to be achievable.

With Dependabot functionality coming to Azure DevOps, this is a must-have addition.
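The detection step the issue describes, written out as an added Ruby example that is not dependabot-core's code nor the XpiritBV work in progress: parse an Azure Pipelines YAML file, collect every `task: Name@N` reference wherever it sits (top-level steps, jobs, or stages), and flag those pinned to a major version behind the newest one known. The sample pipeline and the `AVAILABLE_MAJORS` catalogue are constructed for the example; in a real updater the catalogue would come from the Azure DevOps task API, and the `task_references` / `outdated_tasks` function names are hypothetical.

```ruby
require "yaml"

# Added example, not project code. A constructed Azure Pipelines file with
# tasks pinned at the major version only, which is the form the issue describes.
SAMPLE_PIPELINE = <<~YAML
  trigger:
    - main
  stages:
    - stage: Build
      jobs:
        - job: build
          steps:
            - task: UseDotNet@2
              inputs:
                version: 8.x
            - task: DotNetCoreCLI@2
              inputs:
                command: build
            - script: echo hello
            - task: PublishBuildArtifacts@1
YAML

# Constructed catalogue: task name => major versions that exist upstream.
# A real implementation would populate this from the Azure DevOps REST API.
AVAILABLE_MAJORS = {
  "UseDotNet" => [2],
  "DotNetCoreCLI" => [2],
  "PublishBuildArtifacts" => [1, 2],
}.freeze

# `task: Name@N` where N is the major version; anything else is not a task pin.
TASK_REF = /\A(?<name>[A-Za-z0-9_.-]+)@(?<major>\d+)\z/

# Walk the parsed document recursively so steps nested under stages/jobs,
# or listed at the top level, are all discovered in document order.
def task_references(node, found = [])
  case node
  when Hash
    if node["task"].is_a?(String) && (m = TASK_REF.match(node["task"]))
      found << { name: m[:name], major: m[:major].to_i }
    end
    node.each_value { |v| task_references(v, found) }
  when Array
    node.each { |v| task_references(v, found) }
  end
  found
end

# Returns one {name:, current:, latest:} entry per task whose pinned major is
# behind the newest major in the catalogue. Tasks missing from the catalogue
# are skipped rather than guessed at.
def outdated_tasks(yaml_text, catalogue)
  doc = YAML.safe_load(yaml_text)
  task_references(doc).filter_map do |ref|
    majors = catalogue[ref[:name]] or next
    latest = majors.max
    next if ref[:major] >= latest
    { name: ref[:name], current: ref[:major], latest: latest }
  end.uniq
end

if $PROGRAM_NAME == __FILE__
  outdated_tasks(SAMPLE_PIPELINE, AVAILABLE_MAJORS).each do |t|
    puts "#{t[:name]}@#{t[:current]} -> @#{t[:latest]} available"
  end
end
```

Only major versions are compared because, as the issue notes, Azure Pipelines already follows minor releases within a pinned major on its own; a major-version bump is the one change the pipeline author has to make by hand.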

jessehouwing commented 1 year ago

WIP here https://github.com/XpiritBV/dependabot-core

jessehouwing commented 1 year ago

We could potentially look at this as well, since it would be detecting and returning the dependency object:

jurre commented 1 year ago

Hey, thanks for opening an issue about this! We're currently not accepting new ecosystems natively into Dependabot, there is some background information here. What I would recommend is building the support out as a dedicated gem that builds on top of dependabot-core, then you should be able to run this using a standalone script in your CI provider of choice.

Here's a great example of doing just that: https://github.com/CGA1123/dependabot-lein-runner

jessehouwing commented 1 year ago

With Dependabot coming to Azure DevOps, wouldn't it make sense to actually support its features natively? We'll work on a stand-alone version, but please consider adopting it. I'm also reaching out to the Azure Pipelines team to see if they can back this project.

jurre commented 1 year ago

If we do decide to support it natively, bringing it in from a standalone gem would be a relatively small lift, so I think that's the best path forward for now, good luck!