search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PR's.
https://docs.github.com/en/code-security/dependabot
MIT License
4.5k stars 936 forks source link

Support .NET Tools updates in a repository that only contains a tools manifest #9408

Open martincostello opened 3 months ago

martincostello commented 3 months ago

Is there an existing issue for this?

Feature description

I have a GitHub workflow that uses some .NET global tools to do things where the versions were pinned using environment variables. I had the idea that if I used a .config/dotnet-tools.json file to specify the versions instead, I could leverage dependabot to keep the tools up-to-date without me needing to manually bump the versions (see https://github.com/martincostello/github-automation/commit/64b1cd7dfcc01c8586fcffaa1799d04a1db619fc).

However, it turns out that this won't work as-is because my repository doesn't contain any .NET code:

Errored with the message "Dependabot couldn't find a *.(sln|csproj|vbproj|fsproj|proj)"

image

It would be beneficial to update the relevant code to support this scenario by checking for the presence of a .config/dotnet-tools.json file in the root of the repository so that the job does not bail-out early with an error.

xt0rted commented 2 months ago

I've run into this a number of times, and again just now. In my situation the repo is using full framework and a couple non-sdk style projects so I can't use dependabot on the projects, but I do want it on the local tools.