tinglesoftware / dependabot-azure-devops

Tools for updating dependencies in Azure DevOps repositories using https://dependabot.com
MIT License

Parameterizing the Milestone Field in dependabot.yml is not working as expected #1448

Closed vishnuprakash9845 closed 4 days ago

vishnuprakash9845 commented 2 weeks ago

Describe the bug

I have a question regarding the parameterization of fields in the dependabot.yml file. Specifically, can the milestone field be parameterized in the same way as the token field?

I am managing NuGet packages, particularly the SumNumbers package, in Azure Artifacts. I have configured the following dependabot.yml file for version updates. The pipeline triggers using Dependabot with the configuration below and successfully creates a Pull Request.

My goal is to attach a User Story work item to the PR. When I hardcode the work item ID, it works as expected. However, when I attempt to parameterize the work item ID, it does not attach the work item to the PR.

dependabot.yml

version: 2
updates:
- package-ecosystem: "nuget" # See documentation for possible values
  directory: "/" # Location of package manifests
  #milestone: 25634
  milestone: ${{WorkItemId}}
  target-branch: "main"
  labels:
    - "SumNumbers"
    - "Nuget dependencies"
  commit-message:
      prefix: "Nuget SumNumbers Dependency Update"
  allow:
    - dependency-name: "SumNumbers"
  open-pull-requests-limit: 5
  registries:
      - azure_artifacts
registries:
  azure_artifacts:
    type: "nuget-feed"
    url: "https://pkgs.dev.azure.com/MyProject/47ad2345353535/_packaging/learningfeed/nuget/v3/index.json"
    token: "PAT:<PAT_TOKEN>"

azure-pipelines.yml

Here I am passing the workitemid after the token.

        - task: dependabot@2
          displayName: Run Dependabot on ${{repositoryName}}
          continueOnError: true
          inputs:
            targetRepositoryName: ${{repositoryName}}
            setAutoComplete: false
            mergeStrategy: 'noFastForward'
            autoApprove: false 
            autoApproveUserToken: $(DEPLOY_PAT)
            azureDevOpsAccessToken: $(DEPLOY_PAT)
            targetUpdateIds: 
          timeoutInMinutes: 10
          env:
            TOKEN: $(DEPLOY_PAT)
            WorkItemId: $(workitemid)

Expected behavior

Parameterizing the Milestone Field in dependabot.yml should be possible.

Logs and screenshots

This is the image of the PR where the workitem field is empty.

image

Additional context

Could you please help me identify what I might be missing or doing incorrectly?

rhyskoedijk commented 1 week ago

@vishnuprakash9845, this scenario is not currently supported. Only sensitive properties in the registry section can be replaced using variable placeholders currently.

I have submitted https://github.com/tinglesoftware/dependabot-azure-devops/pull/1449 which will allow milestone and a few others to be replaced using variable placeholders, but it is up to the project maintainer to decide if they are ok with this change as I believe their intention was to only allow secrets to be replaced.
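
A pre-flight check for the situation described in the reply above, added here as an illustration and not written by any participant in this thread or taken from the extension's code: it scans a dependabot.yml for `${{ NAME }}` placeholders outside the top-level `registries` section, where they would be left as literal text. Treating the whole `registries` section as substitutable is a simplifying assumption, and the function name and sample file are constructed for the example.

```python
import re

# The ${{ NAME }} placeholder form used in the issue's dependabot.yml.
PLACEHOLDER = re.compile(r"\$\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
# A key that starts in column 0, i.e. a top-level section such as "updates:".
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w-]*)\s*:")


def unsupported_placeholders(config_text):
    """Return (line_no, key, variable) for each placeholder found outside
    the top-level 'registries' section (hypothetical helper)."""
    findings = []
    section = None
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and commented-out settings are ignored
        top = TOP_LEVEL_KEY.match(raw)
        if top:
            section = top.group(1)
        if section == "registries":
            continue  # assumption: placeholders here are handled by the task
        # Drop a leading list dash, then take the text before the first colon.
        key = stripped.lstrip("- ").split(":", 1)[0].strip()
        for var in PLACEHOLDER.findall(stripped):
            findings.append((line_no, key, var))
    return findings


# Constructed sample, trimmed from the configuration posted in the issue.
# The token value is a constructed placeholder, not the one from the issue.
SAMPLE = """\
version: 2
updates:
- package-ecosystem: "nuget"
  directory: "/"
  #milestone: 25634
  milestone: ${{WorkItemId}}
  registries:
    - azure_artifacts
registries:
  azure_artifacts:
    type: "nuget-feed"
    token: "PAT:${{TOKEN}}"
"""

if __name__ == "__main__":
    for line_no, key, var in unsupported_placeholders(SAMPLE):
        print("line %d: '%s' uses ${{%s}} outside registries" % (line_no, key, var))
```

Run as a pipeline step before the Dependabot task, a non-empty result can fail the build so the literal placeholder never reaches a pull request.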

mburumaxwell commented 4 days ago

While this is nice to have, I would very much prefer to have configuration files be very close to the official one. I feel this will open the door for other problems. I do not see why the assignees, reviews, milestone, and target-branch should not be fixed in the configuration file.