adds custom dependabot file location support #575

Closed


@DaleMckeown DaleMckeown commented Mar 23, 2023

Should resolve #574

@mburumaxwell
Contributor

mburumaxwell commented Mar 23, 2023

@DaleMckeown thanks for your contribution. However, locking the configuration file path to be under the .github folder happened some months ago because the loading of the ignore conditions is done using the configuration file and it is expected to either be .github/dependabot.yml or .github/dependabot.yaml. See the Ruby code in main repo. This particular line of code is relied upon at

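    # `begin` added so the excerpt parses on its own; the enclosing code is not shown on the page.
    begin
      # Fetch the configuration file from the repository's fixed .github location.
      cfg_file = Dependabot::Config::FileFetcher.new(
        source: cfg_source,
        credentials: $options[:credentials],
        options: $options[:updater_options]
      ).config_file
      puts "Using configuration file at '#{cfg_file.path}' 😎"
      Dependabot::Config::File.parse(cfg_file.content)
    rescue Dependabot::RepoNotFound, Dependabot::DependencyFileNotFound
      # No configuration file found: fall back to an empty default config.
      puts "Configuration file was not found, a default config will be used. 😔"
      Dependabot::Config::File.new(updates: [])
    end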

If you can get that changed then we can merge this. Even then, maybe we end up fixing to .azuredevops/dependabot.{yaml|yml} unless you can make the config file fetcher dynamic too.

@DaleMckeown
Author

@mburumaxwell Thanks, I wasn't aware of the upstream requirement. I'll see what I can do.

@DaleMckeown
Author

DaleMckeown commented Mar 23, 2023

Looks like Dependabot::Config::FileFetcher implements Dependabot::FileFetchers::Base, which has an options object.

We could theoretically implement our own config file loader class that implements Dependabot::FileFetchers::Base. We'd be able to supply our own options and add support for .azuredevops/dependabot.{yaml|yml} as well as a user-defined path.

I've never written Ruby, but happy to give it a go and see what happens.

@mburumaxwell thoughts on this approach?

@DaleMckeown
Author

@mburumaxwell I've had a go at this! I can't run the project so it's not tested, I may have missed some bits.

@mburumaxwell
Contributor

Thanks for giving it a shot. It does seem like the easiest way to get things to work.
A few things:

  1. Have to retain compatibility with the files under the .github folder. Everyone using this extension at this time uses that.
  2. You need to add specs for tests similar to https://github.com/dependabot/dependabot-core/blob/main/common/spec/dependabot/config/file_fetcher_spec.rb. Once you do, CI will do the test automatically.
  3. What about overriding the current functionality instead of a whole new type?
  4. Could a better name for this be AzureFileFetcher or FileFetcherAzure?
  5. File support will also need to be added to the server component too.

All in all, kudos for the courage.
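The lookup the thread is asking for (a user-defined path, `.azuredevops/dependabot.{yaml|yml}`, and the existing `.github` files kept for compatibility), sketched as an added example that is not part of the pull request or of dependabot-core. The names `DEFAULT_CONFIG_PATHS`, `normalize_config_path` and `resolve_config_path`, the precedence order, and the rejection of paths that leave the repository are assumptions made for illustration.

```ruby
# Added illustration; not code from the pull request or from dependabot-core.
# All names here are hypothetical.
require "pathname"

# Assumed lookup order: the paths named in the thread, .github kept for compatibility.
DEFAULT_CONFIG_PATHS = %w[
  .azuredevops/dependabot.yml
  .azuredevops/dependabot.yaml
  .github/dependabot.yml
  .github/dependabot.yaml
].freeze

# Normalise a user-supplied repo-relative path; reject anything that could
# point outside the repository or at a non-YAML file.
def normalize_config_path(raw)
  path = raw.to_s.strip.tr("\\", "/")
  raise ArgumentError, "config path is empty" if path.empty?

  clean = Pathname.new(path).cleanpath
  raise ArgumentError, "config path must be relative: #{raw}" if clean.absolute?
  raise ArgumentError, "config path escapes the repository: #{raw}" if clean.each_filename.first == ".."
  raise ArgumentError, "config file must be .yml or .yaml: #{raw}" unless %w[.yml .yaml].include?(clean.extname)

  clean.to_s
end

# repo_files: repo-relative paths present in the target repository.
# Returns the path to load, or nil so the caller can fall back to a default config.
def resolve_config_path(repo_files, custom_path = nil)
  present = repo_files.map { |f| Pathname.new(f).cleanpath.to_s }
  unless custom_path.nil?
    wanted = normalize_config_path(custom_path)
    # An explicit path that is missing is an error, not a silent fallback.
    raise ArgumentError, "config file not found: #{wanted}" unless present.include?(wanted)

    return wanted
  end
  DEFAULT_CONFIG_PATHS.find { |candidate| present.include?(candidate) }
end

# Constructed sample repository listing.
SAMPLE_REPO = %w[README.md .github/dependabot.yaml build/deps/dependabot.yml].freeze
```

Returning `nil` when nothing matches mirrors the "default config will be used" branch in the snippet quoted earlier in the thread.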

@DaleMckeown
Author

@mburumaxwell I think I've reached the limit of my skillset with this, my lack of knowledge in Ruby is hampering my ability to add the unit tests as requested.

Feel free to abandon this if no one can finish polishing it.

@mburumaxwell
Contributor

Sorry, this is exactly what happens when the community asks for a feature. Asking is the easy part, implementing is always the hard part, especially when one has to add tests too.

I can't promise to get on this soon. Hopefully, someone else in need of the same can get it done.

I am certain that there are workarounds for this.

@mburumaxwell
Contributor

@DaleMckeown, as per #884 and #885, we no longer parse the dependabot.yml file in the Ruby script but instead pass the necessary details via ENV. This means we can read a file from anywhere. Could you relook into this now? You'd only need to make changes in the extension and server components.

Successfully merging this pull request may close these issues.

Allow us to specify a location for the dependabot.yml file.