-
Notifications
You must be signed in to change notification settings - Fork 990
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Add support for .NET #212
Conversation
@deinok - FYI. Your opinions welcome! |
I'm no expert, but I think NuGet is the de facto standard for .NET package managers |
@greysteil @evenh This Friday I will writte a document explaining the algorithm to implement this feature.
So if you could wait until I finish the document will be perfect ;) |
Sounds great - happy to wait a bit! |
@greysteil: Awesome! @evenh is correct; NuGet is the official package manager for .NET. We could always add support for alternatives like Paket and OpenWrap later, but NuGet is by far the most popular one and the one we should start with. I also agree with @deinok in that we should support all .NET languages, so we shouldn't bind this to |
👍 will change the template to |
Just a random question, how do I test this thing? After running through all the motions described in
|
OK, renaming done, and the plan to start with NuGet makes sense to me. @asbjornu - can you give me some example spec failures? Setup on this thing is pretty complicated because it runs a lot of languages. When running locally I generally just run the specs for the language and helper I'm working on (e.g., (Oh, and some of the specs, particularly PHP and Python, are crazy slow because it's very hard to stub network connections that happen in sub-processes.) |
Updated the comments, and the TODO list on this PR. I think we're ready to get cracking 🚀 |
Excellent! Here's a gist with the spec failures. |
Here's answers to your questions:
In old-school .NET projects (aka. .NET Framework), the files are called In new-school .NET projects (aka. .NET Core), the packages are managed as I believe we need to support both mechanisms.
I'm not sure there's much work to do it, since all registries need to support the same API. So in essence we should support most if we support the official (nuget.org). |
Nice. This endpoint is exactly what we're looking for for the 👍 on parsing both Only hard thing remaining is thinking about dependency resolution. Does NuGet have a CLI / some other way to give it a dependency file and get the latest resolvable version of a dependency for it? We can (and should) ship something without dependency resolution to start with (that's the state that Java support is currently in). |
Sounds good!
Here's the Just so I understand the requirement fully, what is the input and output of the dependency resolver? Is something like |
Yep, something like that. Here's how we do it in Ruby:
The above approach won't work here because we don't have a lockfile (the |
Dont forget that dependencies can also be defined in *.proj, *.fsproj, etc... |
@deinok: Yes, absolutely. The @greysteil: Here's how NuGet's dependency resolution works. There are no lock files, but I assume one could just do |
Normaly yes, but PackageReference can have two ways of defining it. We should check for the two. And im not sure about VB and the experimental P# |
@greysteil The document we talked, sorry for been one day left. Also here is the full document: Dotnet Support for Dependabot Spec:This document describe how to support .NET packages in dependabot. FileFetcher:FileFetcher should be able to get the following type of files:
FileParser:All files described in FileFetcher are XML based. A The Packages, are identified by Example of
|
If anybody thinks im missing something or im not giving enought information, please say it ;) |
Shouldn't we search for |
Yeah, the old format of *.*proj use the package.config |
That would be great, yeah! 😃 |
Any progress on that spec @deinok? :-) |
@evenh I totaly missed it :( |
@evenh The old format seems pretty much the same but in a more complex way. |
e96067d
to
a50396c
Compare
OK, very basic first version, but this is good to merge and iterate on from master. I'll test it on a couple of repos and then put an alpha flag on it. Thanks for all your help everyone! 🙂 |
Awesome! Looking forward to taking this for a spin! |
https://github.com/greysteil/Nancy/pull/1. Thanks for everyone for all your help! I've got the following as TODO extensions:
It's already live if you log into Dependabot. I'll add it to the website now, too. 🎉 |
@greysteil Many thanks <3.
If you need help in that two things with the specs, I can give a help. Just ask ;) |
@deinok - the thing that would be awesome is an example custom repository to play with. Are you aware of any public ones, other than nuget.org? |
I'm still very new to the .NET world, but I do know that MyGet can host NuGet packages |
@greysteil Yeah, I can give the specs for that and create a sample. Give me some days and I will write the spec and sample |
One possibility is to spin up an instance of Nexus OSS (it’s simple to run via Docker). They provide custom Maven and NuGet repositories/feeds out of the box |
Awesome, thanks guys! Looking at MyGet, there are some public feeds there that give me enough information for me to have a first go at an integration. I'd very much appreciate a spec whenever you have time, though, @deinok - I'm sure there will be things I miss without it! |
OK, custom repository support is done and should be pretty solid now. You can enter auth credentials from the dashboard, and it will pull repo URLs from the I'm going to power through |
Support for |
One of the most useful features would be .sln support. It is like the parent of all the projects. |
Interesting - what information would it give us? |
Shouldn't be too tricky - to start with we can just regex the file for references to *.*proj. I'll take a look today. |
@greysteil Hey should we add a meta issue for .NET or track all this things here? |
A meta issue would be great - would make progress a lot more visible to others, especially since this PR is merged now. Are you happy to create it? |
Done. |
Starter for Dotnet support.
TODO
We should start by looking into