github github-actions dependabot

Can I set up Dependabot to use ProGet?


Hopefully straightforward, but strangely I haven't been able to find the answer through a search. We are looking at setting up Dependabot through GitHub to update dependencies for us. We use C# primarily & have libs in both NuGet & our own instance of ProGet. I can set the ecosystem to nuget, but what would I need to do to get it to use our ProGet instance?

Are these the private package registries I have read about, & do I need to set up the config to use ProGet in a private section? Or can I use nuget & the correct registry will be picked up from the project?


Solution

  • You need to configure your private feed in your /.github/dependabot.yml:

    ...
    
    registries:
      nuget-example:
        type: nuget-feed
        url: https://nuget.example.com/v3/index.json
        username: octocat@example.com
        password: ${{secrets.MY_NUGET_PASSWORD}}
    
    ...
    

    And if your feed needs a password or token, set that up in the Dependabot secrets section as well.

    Add a dependabot secret

    https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-private-registries
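
A complete `dependabot.yml` that wires the registry from the answer above into a NuGet update job, as an added example that is not part of the original answer. The ProGet host, the feed name in the URL, the account name, the registry key and the secret name are placeholders (assumptions) to be replaced with your own values.

```yaml
# Added example; host, feed name, account and secret name are placeholders.
version: 2

registries:
  proget-nuget:                      # hypothetical registry key
    type: nuget-feed
    # Assumed ProGet-style NuGet v3 endpoint; copy the real URL from the feed's page.
    url: https://proget.example.com/nuget/internal-feed/v3/index.json
    username: dependabot-reader@example.com   # placeholder read-only account
    # Resolved from a Dependabot secret, never a literal value in the repo.
    password: ${{secrets.PROGET_FEED_PASSWORD}}

updates:
  - package-ecosystem: nuget
    directory: "/"                   # location of the solution / project files
    schedule:
      interval: weekly
    # Grant this update job access to the private registry defined above.
    registries:
      - proget-nuget
```

Dependabot secrets are stored separately from GitHub Actions secrets, so the value has to be added under the repository's or organization's Dependabot secrets for `${{secrets.…}}` to resolve. Giving the feed account read-only rights limits the impact if that credential is ever exposed.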