Open gep13 opened 5 years ago
@greysteil I’d also love to have this. What’s involved to make it so? Would it be best done by extending the existing NuGet implementation, or would it be a separate implementation? 🤔
@gitfool I had an email conversation with @greysteil about this at the time that I created this issue. Here is what was said...
@greysteil said... Sounds like we could add this to Dependabot as a new language. The place we’d need to add it is here and there’s an example of a PR that adds a new language here. I’m happy to help out if you’re keen (or if you have anyone who can write Ruby they could probably do it without much help), but am a little swamped for the next couple of weeks. Do you want to open an issue on dependabot core either way, and we can take it from there?
I don't know enough Ruby to help on this, but happy to review/test anything that you might come up with.
Yep, what @gep13 said! I'm super busy at the moment (a couple of big things coming on Dependabot) but always happy to help out. If enough people want this I'll take it on myself when things calm down, too.
@greysteil FWIW, I'm having a look around and some of the repo file names have colons (:) in them which are invalid file name characters on Windows:
$ git status
On branch master
Your branch is up to date with 'origin/master'.
Changes not staged for commit:
(use "git add/rm <file>..." to update what will be committed)
(use "git checkout -- <file>..." to discard changes in working directory)
deleted: composer/spec/fixtures/packagist_responses/dependabot:dummy-pkg-a.json
deleted: composer/spec/fixtures/packagist_responses/doctrine:dbal.json
deleted: composer/spec/fixtures/packagist_responses/illuminate:console.json
deleted: composer/spec/fixtures/packagist_responses/illuminate:support.json
deleted: composer/spec/fixtures/packagist_responses/longman:telegram-bot.json
deleted: composer/spec/fixtures/packagist_responses/monolog:monolog.json
deleted: composer/spec/fixtures/packagist_responses/neos:flow.json
deleted: composer/spec/fixtures/packagist_responses/path_dep:path_dep.json
deleted: composer/spec/fixtures/packagist_responses/pear-pear.horde.org:horde_date.json
deleted: composer/spec/fixtures/packagist_responses/phpdocumentor:reflection-docblock.json
deleted: composer/spec/fixtures/packagist_responses/symfony:polyfill-mbstring.json
deleted: composer/spec/fixtures/packagist_responses/wpackagist-plugin:acf-to-rest-api.json
I'd prefer to use Windows Subsystem for Linux (WSL) for the Ruby environment while editing in Windows with Visual Studio Code, but then these file names will still cause me grief.
I had no idea! Fixed in https://github.com/dependabot/dependabot-core/commit/4db144e884b53db3b386f905249f514e76950237.
No, stalebot!
@jacob-morgan @gitfool I saw that others created github-actions (ex. https://github.com/patrickjahns/dependabot-terraform-action) to "extend" dependabot in that way while waiting for the "real" implementation in dependabot.
Would that be a "temporary fix" while we're all waiting on this issue?
Edit from the Dependabot team: This is the main tracking issue for adding support for Cake.
PR: https://github.com/dependabot/dependabot-core/pull/958
Related Issues: https://github.com/dependabot/dependabot-core/issues/733
It would be great if dependabot could support updating dependencies which are defined by people using Cake-Build (https://cakebuild.net/).
Cake is a build automation framework that allows people to take a dependency on NuGet packages that are either an addin, tool or module. You can see examples of the types of dependency definitions here:
https://github.com/cake-contrib/Cake.Recipe/blob/develop/Cake.Recipe/Content/addins.cake#L5-L23
https://github.com/cake-contrib/Cake.Recipe/blob/develop/Cake.Recipe/Content/tools.cake#L5-L20
https://github.com/chocolatey/ChocolateyGUI/blob/develop/setup.cake#L1
https://github.com/chocolatey/ChocolateyGUI/blob/develop/setup.cake#L2
Notice that there are different ways for these dependencies to be expressed, based on how the project is created.
Cake itself is also a dependency, which is normally defined in the tools/packages.config files, as shown here: https://github.com/cake-contrib/Cake.Recipe/blob/develop/tools/packages.config
This is just a normal NuGet packages.config file, so this might already be supported in dependabot today.
We already have an attempt at doing something similar to this on a much smaller scale. For example, this PR: https://github.com/cake-contrib/Cake.Recipe/pull/263 was created by our automated process.
Documentation on the pre-processor directives that can define these dependencies can be found here:
https://cakebuild.net/docs/fundamentals/preprocessor-directives
./cc @greysteil
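To illustrate the dependency definitions the issue describes, here is an added example (not code from this thread, from Dependabot, or from Cake) that extracts package references from Cake pre-processor directives in Ruby, the language of dependabot-core. The directive syntax follows the linked Cake documentation; the sample script, the feed URL and the names `parse_cake_dependencies`, `unpinned` and `CakeDependency` are constructed for illustration.

```ruby
require "uri"

# Directives that can carry a package URI, quoted or unquoted, e.g.
#   #addin nuget:?package=Some.Addin&version=1.2.3
#   #tool "nuget:https://feed/index.json?package=Some.Tool&version=4.5.6"
# Only the scheme:?query form is handled; other forms are skipped.
DIRECTIVE = /^\s*#(addin|tool|module|load)\s+"?([a-z]+):([^"\s]*)"?\s*$/i

CakeDependency = Struct.new(:type, :scheme, :source, :name, :version, :line)

# Returns one CakeDependency per directive that names a package.
def parse_cake_dependencies(script)
  deps = script.each_line.with_index(1).map do |text, line_no|
    match = DIRECTIVE.match(text)
    next unless match

    type, scheme, rest = match.captures
    source, _sep, query = rest.partition("?")
    params = URI.decode_www_form(query).to_h
    next unless params["package"] # e.g. a #load that names no package

    CakeDependency.new(type.downcase, scheme.downcase,
                       source.empty? ? nil : source,
                       params["package"], params["version"], line_no)
  end
  deps.compact
end

# Directives without a version parameter resolve to whatever the feed serves
# at build time, so an updater has no current version to compare against.
def unpinned(deps)
  deps.select { |dep| dep.version.nil? }
end

# Constructed sample script (not taken from any repository).
SAMPLE_CAKE_SCRIPT = <<~'CAKE'
  #addin nuget:?package=Cake.Example.Addin&version=1.2.3
  #tool "nuget:https://feed.example.test/v3/index.json?package=Example.Tool&version=4.5.6&prerelease"
  #module nuget:?package=Cake.Example.Module
  // #addin nuget:?package=Commented.Out&version=0.0.1
  #load "./build/helpers.cake"
  var target = Argument("target", "Default");
CAKE

if __FILE__ == $PROGRAM_NAME
  parse_cake_dependencies(SAMPLE_CAKE_SCRIPT).each do |dep|
    puts format("line %d: %s %s %s", dep.line, dep.type, dep.name, dep.version || "(unpinned)")
  end
end
```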