Hopefully straight forward but strangely haven't been able to find the answer through a search. We are looking at setting up dependabot through Github to update dependencies for us. We use C# primarily & have libs in both NuGet & our own instance of ProGet. I can set the eco system to nuget but what would I need to do to get it to use our ProGet instance.
Is this the private package registries I have read about & I need to set up the config to use ProGet in a private section? Or can I use nuget & the correct registry will be picked up from the project?
You need to configure your private feed in your /.github/dependabot.yml
:
...
registries:
nuget-example:
type: nuget-feed
url: https://nuget.example.com/v3/index.json
username: octocat@example.com
password: ${{secrets.MY_NUGET_PASSWORD}}
...
And if your feed needs a password or token, set that up in the dependabot secret section as well.