-
-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatically install the Azure Artifacts Credential Provider if DevOps NuGet feeds are configured #1233
Automatically install the Azure Artifacts Credential Provider if DevOps NuGet feeds are configured #1233
Conversation
…ra credentials" are NuGet feeds
There is an existing task in Azure Pipelines that installs & configures NuGet authentication: Would it be possible to glean information from that automatically instead of requiring another environment variable to be set? |
Unfortunately that task doesn't have any impact on the update process since Dependabot is run inside a Docker container which is isolated from the Azure pipeline. Any information configured or provided by that task cannot be accessed from within the Dependabot container instance. With this change, the user does not need to set any additional environment variables; the script will use the auth provided in your |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is good. Still, I think we'll never be able to solve permissions issues given the complex permissions in AzDO and its OnPrem server
{ | ||
"endpoint" => cred["url"], | ||
"username" => "unused", | ||
"password" => cred["token"].delete_prefix("PAT:") # Credentials provider expects the raw token |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In some cases it is only ":{PAT}" or ":{PAT}". I think we should check for colon then split and take second entry, otherwise take as is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, I also didn't consider username/password auth either.
It should now support all of these configs:
{"type":"nuget_feed","url":"https://dev.azure.com/...","token":"PAT:abc123"}
{"type":"nuget_feed","url":"https://dev.azure.com/...","token":":abc123"}
{"type":"nuget_feed","url":"https://dev.azure.com/...","token":"abc123"}
{"type":"nuget_feed","url":"https://dev.azure.com/...","username":"joeblogs","password":"letmein"}
* Bump the event-bus group with 2 updates (tinglesoftware#1156) Bumps the event-bus group with 2 updates: [Tingle.EventBus.Transports.Azure.ServiceBus](https://github.com/tinglesoftware/eventbus) and [Tingle.EventBus.Transports.InMemory](https://github.com/tinglesoftware/eventbus). Updates `Tingle.EventBus.Transports.Azure.ServiceBus` from 0.21.2 to 0.22.0 - [Release notes](https://github.com/tinglesoftware/eventbus/releases) - [Commits](tinglesoftware/eventbus@0.21.2...0.22.0) Updates `Tingle.EventBus.Transports.InMemory` from 0.21.2 to 0.22.0 - [Release notes](https://github.com/tinglesoftware/eventbus/releases) - [Commits](tinglesoftware/eventbus@0.21.2...0.22.0) --- updated-dependencies: - dependency-name: Tingle.EventBus.Transports.Azure.ServiceBus dependency-type: direct:production update-type: version-update:semver-minor dependency-group: event-bus - dependency-name: Tingle.EventBus.Transports.InMemory dependency-type: direct:production update-type: version-update:semver-minor dependency-group: event-bus ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Change updates time from 04:00 to 02:00 to be consistent with our other repositories and hence ease management * Bump the tingle group with 3 updates (tinglesoftware#1157) * Import constants for requirements_update_strategy (tinglesoftware#1159) * Bump rubocop-performance in /updater in the rubocop group (tinglesoftware#1165) * Bump ts-jest from 29.1.4 to 29.1.5 in /extension in the jest group (tinglesoftware#1164) * Bump YamlDotNet from 15.1.6 to 15.3.0 (tinglesoftware#1163) * Bump the azure group with 2 updates (tinglesoftware#1162) * Bump dependabot-omnibus from 0.260.0 to 0.261.0 in /updater (tinglesoftware#1166) * Regenerate lock file which fixes vulnerabilities * Set packageManager in package.json * Bump @types/node in /extension in the js-ts-types group (tinglesoftware#1172) * Bump Azure.Identity from 1.11.4 to 1.12.0 in the azure group (tinglesoftware#1176) * Bump turbo_tests from 2.2.3 to 2.2.4 in /updater (tinglesoftware#1168) * Create groups for sentry and opentelemetry updates * Bump the opentelemetry group in /updater with 4 updates (tinglesoftware#1177) Bumps the opentelemetry group in /updater with 4 updates: [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby), [opentelemetry-instrumentation-excon](https://github.com/open-telemetry/opentelemetry-ruby-contrib), [opentelemetry-instrumentation-faraday](https://github.com/open-telemetry/opentelemetry-ruby-contrib) and [opentelemetry-instrumentation-net_http](https://github.com/open-telemetry/opentelemetry-ruby-contrib). Updates `opentelemetry-exporter-otlp` from 0.27.0 to 0.28.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-ruby@opentelemetry-exporter-otlp/v0.27.0...opentelemetry-exporter-otlp/v0.28.0) Updates `opentelemetry-instrumentation-excon` from 0.22.2 to 0.22.3 - [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-ruby-contrib/blob/main/instrumentation/excon/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-excon/v0.22.2...opentelemetry-instrumentation-excon/v0.22.3) Updates `opentelemetry-instrumentation-faraday` from 0.24.3 to 0.24.5 - [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-ruby-contrib/blob/main/instrumentation/faraday/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-faraday/v0.24.3...opentelemetry-instrumentation-faraday/v0.24.5) Updates `opentelemetry-instrumentation-net_http` from 0.22.5 to 0.22.6 - [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-ruby-contrib/blob/main/instrumentation/net_http/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-ruby-contrib@opentelemetry-instrumentation-net_http/v0.22.5...opentelemetry-instrumentation-net_http/v0.22.6) --- updated-dependencies: - dependency-name: opentelemetry-exporter-otlp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: opentelemetry - dependency-name: opentelemetry-instrumentation-excon dependency-type: direct:production update-type: version-update:semver-patch dependency-group: opentelemetry - dependency-name: opentelemetry-instrumentation-faraday dependency-type: direct:production update-type: version-update:semver-patch dependency-group: opentelemetry - dependency-name: opentelemetry-instrumentation-net_http dependency-type: direct:production update-type: version-update:semver-patch dependency-group: opentelemetry ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump typescript from 5.4.5 to 5.5.2 in /extension (tinglesoftware#1173) * Bump typescript from 5.4.5 to 5.5.2 in /extension Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.4.5 to 5.5.2. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.4.5...v5.5.2) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Update target ESLINT --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Maxwell Weru <[email protected]> * Bump dependabot-omnibus from 0.261.0 to 0.262.0 in /updater (tinglesoftware#1170) Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.261.0 to 0.262.0. - [Release notes](https://github.com/dependabot/dependabot-core/releases) - [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md) - [Commits](dependabot/dependabot-core@v0.261.0...v0.262.0) --- updated-dependencies: - dependency-name: dependabot-omnibus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Remove codeql workflows so that we can leverage the automatic setup * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Bump @types/node in /extension in the js-ts-types group (tinglesoftware#1179) * Bump the tingle group with 3 updates (tinglesoftware#1182) * Bump Microsoft.VisualStudio.Azure.Containers.Tools.Targets (tinglesoftware#1183) * Bump Microsoft.FeatureManagement.AspNetCore in the microsoft group (tinglesoftware#1181) * Bump Azure.ResourceManager.AppContainers in the azure group (tinglesoftware#1180) * Bump the sentry group in /updater with 2 updates (tinglesoftware#1184) * Bump dependabot-omnibus from 0.262.0 to 0.263.0 in /updater (tinglesoftware#1185) * Fix missing module name (tinglesoftware#1187) * Reorganise code in to lib folder; seperate dependabot code from tinglesoftware code using unique module names (tinglesoftware#1188) * Add developer guide documentation; ignore extension build artifacts (tinglesoftware#1189) * Bump the sentry group in /updater with 2 updates (tinglesoftware#1193) * Bump @types/node in /extension in the js-ts-types group (tinglesoftware#1195) * Bump typescript from 5.5.2 to 5.5.3 in /extension (tinglesoftware#1196) * Bump dependabot-omnibus from 0.263.0 to 0.264.0 (tinglesoftware#1191) * Use correct version of dependabot-updater base image when running the 'updater' workflow (tinglesoftware#1192) * Fix module name (tinglesoftware#1199) * Use latest dependabot updater code; Remove scripts from `updater/bin` that don't work (tinglesoftware#1197) * Add some more debug statements, and validate data length before reading result (tinglesoftware#1200) * Changes to `.rubocop*.yml`, `.ruby-version`, and `Rakefile` should trigger the updater workflow * Update update-files.ps1 and related files (tinglesoftware#1202) * Enable sorbet and update files (tinglesoftware#1203) * Bump dependabot-omnibus from 0.264.0 to 0.265.0 in /updater (tinglesoftware#1205) Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.264.0 to 0.265.0. - [Release notes](https://github.com/dependabot/dependabot-core/releases) - [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md) - [Commits](dependabot/dependabot-core@v0.264.0...v0.265.0) --- updated-dependencies: - dependency-name: dependabot-omnibus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * If allow condition "dependency-name" is nil, use "*"; Use wildcard matching instead of regex matching (tinglesoftware#1208) * Bump the xunit group with 2 updates (tinglesoftware#1212) * Bump the microsoft group with 8 updates (tinglesoftware#1211) * Bump ts-jest from 29.1.5 to 29.2.2 in /extension in the jest group (tinglesoftware#1215) * Bump dotnet-ef from 8.0.6 to 8.0.7 (tinglesoftware#1214) * Fix allow condition logic (tinglesoftware#1209) * Add missing early return statement * Bump YamlDotNet from 15.3.0 to 16.0.0 (tinglesoftware#1213) Bumps YamlDotNet from 15.3.0 to 16.0.0. --- updated-dependencies: - dependency-name: YamlDotNet dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * New "vNext" update script using dependabot-core updater; aligns update behaviour more closely with the GitHub Dependabot service (tinglesoftware#1186) * DevOps extension task new updater commands and options (tinglesoftware#1216) * Bump dependabot-omnibus from 0.265.0 to 0.266.0 in /updater (tinglesoftware#1218) Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.265.0 to 0.266.0. - [Release notes](https://github.com/dependabot/dependabot-core/releases) - [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md) - [Commits](dependabot/dependabot-core@v0.265.0...v0.266.0) --- updated-dependencies: - dependency-name: dependabot-omnibus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix error when attempting to update a pre-1.30 pull request using the new vNext script (tinglesoftware#1219) * Fix PRs being incorrectly abandoned when using multiple package ecosystems (tinglesoftware#1221) * Bump the tingle group with 3 updates (tinglesoftware#1229) * Bump Azure.Messaging.ServiceBus from 7.17.5 to 7.18.0 in the azure group (tinglesoftware#1226) * Bump the event-bus group with 2 updates (tinglesoftware#1227) * Bump ts-jest from 29.2.2 to 29.2.3 in /extension in the jest group (tinglesoftware#1224) * Bump @types/node in /extension in the js-ts-types group (tinglesoftware#1225) * Update groups * Log updated file diffs when 'skip pull requests' and 'debug' options are true (tinglesoftware#1230) * Fix for group PRs being closed on refresh when nothing has changed (tinglesoftware#1222) * Bump Microsoft.FeatureManagement.AspNetCore (tinglesoftware#1231) * Fix logging error when creating new PR and the open PR limit has been reached (tinglesoftware#1223) * Automatically install the Azure Artifacts Credential Provider if DevOps NuGet feeds are configured (tinglesoftware#1233) * Bump the sentry group in /updater with 2 updates (tinglesoftware#1235) Bumps the sentry group in /updater with 2 updates: [sentry-opentelemetry](https://github.com/getsentry/sentry-ruby) and [sentry-ruby](https://github.com/getsentry/sentry-ruby). Updates `sentry-opentelemetry` from 5.18.1 to 5.18.2 - [Release notes](https://github.com/getsentry/sentry-ruby/releases) - [Changelog](https://github.com/getsentry/sentry-ruby/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-ruby@5.18.1...5.18.2) Updates `sentry-ruby` from 5.18.1 to 5.18.2 - [Release notes](https://github.com/getsentry/sentry-ruby/releases) - [Changelog](https://github.com/getsentry/sentry-ruby/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-ruby@5.18.1...5.18.2) --- updated-dependencies: - dependency-name: sentry-opentelemetry dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sentry - dependency-name: sentry-ruby dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sentry ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Sync files for updater version 0.266.0 (tinglesoftware#1236) Follow up to tinglesoftware#1235 * Regenerate Gemfile.lock * Bump @types/node in /extension in the js-ts-types group (tinglesoftware#1237) Bumps the js-ts-types group in /extension with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `@types/node` from 20.14.11 to 20.14.12 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: js-ts-types ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump typescript from 5.5.3 to 5.5.4 in /extension (tinglesoftware#1239) Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.3 to 5.5.4. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.5.3...v5.5.4) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump gittools/actions from 1 to 2 (tinglesoftware#1238) Bumps [gittools/actions](https://github.com/gittools/actions) from 1 to 2. - [Release notes](https://github.com/gittools/actions/releases) - [Commits](GitTools/actions@v1...v2) --- updated-dependencies: - dependency-name: gittools/actions dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump Microsoft.Azure.AppConfiguration.AspNetCore in the azure group (tinglesoftware#1240) Bumps the azure group with 1 update: [Microsoft.Azure.AppConfiguration.AspNetCore](https://github.com/Azure/Azconfig-DotnetProvider). Updates `Microsoft.Azure.AppConfiguration.AspNetCore` from 7.2.0 to 7.3.0 - [Release notes](https://github.com/Azure/Azconfig-DotnetProvider/releases) - [Commits](Azure/AppConfiguration-DotnetProvider@7.2.0...7.3.0) --- updated-dependencies: - dependency-name: Microsoft.Azure.AppConfiguration.AspNetCore dependency-type: direct:production update-type: version-update:semver-minor dependency-group: azure ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * NuGet feed auth support for Azure DevOps, Azure DevOps Server, and third-party NuGet servers (tinglesoftware#1241) * Add `helpUrl` and `releaseNotes` to the extension task. * Remove unused `useConfigFile` input (tinglesoftware#1244) * Reference discussion for permission in bug report template * Remove docker demand and rely on `tl.which` (tinglesoftware#1246) This should allow private agents with non-standard discovery. * Bump @types/node in /extension in the js-ts-types group (tinglesoftware#1250) * Bump dependabot-omnibus from 0.266.0 to 0.267.0 in /updater (tinglesoftware#1252) * Bump the opentelemetry group in /updater with 6 updates (tinglesoftware#1249) * Fix nuget.config not using correct credentials during NuGet updates of .NET Framework projects (tinglesoftware#1248) * Sync files for updater version 0.267.0 * Enable opentelemetry in `updater_script_vnext` (tinglesoftware#1254) This is the first step towards adding telemetry to the updater. Useful in debugging of issues and general analytics. It follows what the GitHub hosted version has. * Enable sentry in `updater_script_vnext` (tinglesoftware#1255) This is the second step towards monitoring the updater. Useful in debugging of issues and general analytics. It follows what the GitHub hosted version has. OpenTelemetry was setup in tinglesoftware#1254. Next step is to connect the error handler. * Update update_script.rb * Backport NuGet auth fix to `update_script`; Prevent NuGet leaking passwords in logs (tinglesoftware#1256) * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Bump axios from 1.7.2 to 1.7.3 in /extension (tinglesoftware#1264) * Bump @types/node in /extension in the js-ts-types group (tinglesoftware#1262) * Bump ts-jest from 29.2.3 to 29.2.4 in /extension in the jest group (tinglesoftware#1261) * Bump azure-pipelines-task-lib from 4.13.0 to 4.15.0 in /extension (tinglesoftware#1263) * Bump Azure.Messaging.ServiceBus from 7.18.0 to 7.18.1 in the azure group (tinglesoftware#1258) * Bump dependabot-omnibus from 0.267.0 to 0.268.0 in /updater (tinglesoftware#1259) Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.267.0 to 0.268.0. - [Release notes](https://github.com/dependabot/dependabot-core/releases) - [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md) - [Commits](dependabot/dependabot-core@v0.267.0...v0.268.0) --- updated-dependencies: - dependency-name: dependabot-omnibus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Regenerate Gemfile.lock * Sync files for updater version 0.268.0 * Update rubocop * Update update_script.rb * Make use of OpenTelemetry in the updater (tinglesoftware#1268) * Update azure.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update azure.rb * Update azure.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update Gemfile * Update update_script.rb * Update Gemfile * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update GitVersion and react to changes (tinglesoftware#1270) * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update updater.yml * revert * Update updater.yml * Update updater.yml * Update updater.yml * Update updater.yml * Update updater.yml * Update updater.yml * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * Update update_script.rb * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * test * testt * test * test * Update GitVersion.yml so that CI artifacts have better naming * test * test * test * test * clean up * clean up --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Maxwell Weru <[email protected]> Co-authored-by: Rhys Koedijk <[email protected]> Co-authored-by: Berend Haan <[email protected]>
What are you trying to accomplish?
Allow users to authenticate with private Azure DevOps NuGet feeds without any additional configuration or complicated workarounds. Ideally auth should "just work" like it did in v1.24.
Reduce the number of issues users are having with private NuGet feed auth. e.g. see comments in:
nil
into T.must #1232 (comment)Changes
If
DEPENDABOT_EXTRA_CREDENTIALS
contains credentials for an Azure DevOps NuGet feed, the workaround detailed in #921 (comment) will be applied-- more specifically,VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
will be set using the configured credentials, then the Azure Artifacts Credential Provider is installed to the container.This automatically runs for both
update_script.rb
andupdate_script_vnext.rb
.This module can be easily deleted once dependabot/dependabot-core#8927 or some other dependabot-core native auth solution becomes available.