Private Cargo Registry Support for Dependabot - [GA] (#50154)

Co-authored-by: Ankit Honey <honeyankit@github.com> Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
github · Jun 3, 2024 · 5beb993 · 5beb993
1 parent d0bd66a
commit 5beb993
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 5 deletions.
diff --git a/...dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/...dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
@@ -937,7 +937,8 @@ You can give {% data variables.product.prodname_dependabot %} access to private
 
 **Note:** Private registries behind firewalls on private networks are supported for the following ecosystems:
 
-- Bundler
+- Bundler{% ifversion dependabot-updates-cargo-private-registry-support %}
+- Cargo{% endif %}
 - Docker
 - Gradle
 - Maven
@@ -981,6 +982,18 @@ You must provide the required settings for each configuration `type` that you sp
 
 {% data reusables.dependabot.advanced-private-registry-config-link %}
 
+{% ifversion dependabot-updates-cargo-private-registry-support %}
+
+### `cargo-registry`
+
+The `cargo-registry` type supports a token.
+
+{% data reusables.dependabot.dependabot-updates-path-match %}
+
+{% data reusables.dependabot.cargo-private-registry-config-example %}
+
+{% endif %}
+
 ### `composer-repository`
 
 The `composer-repository` type supports username and password. {% data reusables.dependabot.password-definition %}

diff --git a/...pendabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md b/...pendabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
@@ -27,7 +27,8 @@ This article contains recommendations and advice to help you configure {% data v
 
 You'll find detailed guidance for the setup of the following package managers:
 
-- [Bundler](#bundler)
+- [Bundler](#bundler){% ifversion dependabot-updates-cargo-private-registry-support %}
+- [Cargo](#cargo){% endif %}
 - [Docker](#docker)
 - [Gradle](#gradle)
 - [Maven](#maven)
@@ -88,6 +89,18 @@ registries:
 
 {% data reusables.dependabot.access-private-dependencies-link %}
 
+{% ifversion dependabot-updates-cargo-private-registry-support %}
+
+### Cargo
+
+Cargo supports username, password  and token-based authentication. For more information, see `cargo-registry` in "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#cargo-registry)."
+
+The snippet below shows a `dependabot.yml` file configuration that uses a token.
+
+{% data reusables.dependabot.cargo-private-registry-config-example %}
+
+{% endif %}
+
 ### Docker
 
 Docker supports using a username and password for registries. For more information, see `docker-registry` in "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#docker-registry)."

diff --git a/content/get-started/learning-about-github/github-language-support.md b/content/get-started/learning-about-github/github-language-support.md
@@ -21,7 +21,7 @@ Some {% data variables.product.prodname_dotcom %} products have features that ar
 
 ## Core languages supported by {% data variables.product.prodname_dotcom %} features
 
-Core languages for {% data variables.product.prodname_dotcom %} features include C, C++, C#, Go, Java, JavaScript, PHP, Python, Ruby, Scala, and TypeScript. For features that support package managers, the currently supported package managers are included in the table with their relevant languages.
+Core languages for {% data variables.product.prodname_dotcom %} features include C, C++, C#, Go, Java, JavaScript, PHP, Python, Ruby,{% ifversion dependabot-updates-cargo-private-registry-support %} Rust,{% endif %} Scala, and TypeScript. For features that support package managers, the currently supported package managers are included in the table with their relevant languages.
 
 Some features are supported for additional languages or package managers. If you want to know whether another language is supported for a feature or to request support for a language, visit {% data variables.contact.community_support_forum %}.
 
@@ -35,6 +35,7 @@ Some features are supported for additional languages or package managers. If you
 {% data reusables.supported-languages.php %}
 {% data reusables.supported-languages.python %}
 {% data reusables.supported-languages.ruby %}
+{% data reusables.supported-languages.rust %}
 {% data reusables.supported-languages.scala %}
 {%- ifversion codeql-swift-beta or supply-chain-features-swift-support %}
 {% data reusables.supported-languages.swift %}
@@ -44,6 +45,8 @@ Some features are supported for additional languages or package managers. If you
 {% note %}
 
 **Notes:**
+
+{% ifversion fpt or ghec %}- The language support for {% data variables.product.prodname_copilot %} varies depending on the volume and diversity of training data for that language.{% endif %}
 - The support of Gradle for the dependency graph and {% data variables.product.prodname_dependabot_alerts %} is limited to the upload of data obtained using the {% data variables.dependency-submission-api.name %}.
 - PHP and Scala are supported for {% data variables.product.prodname_code_scanning %} by third-party actions.
 

diff --git a/data/features/dependabot-updates-cargo-private-registry-support.yml b/data/features/dependabot-updates-cargo-private-registry-support.yml
@@ -0,0 +1,6 @@
+# Reference: issue  #13801
+# Private Cargo Registry Support for Dependabot - [GA]
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.13'
diff --git a/data/reusables/dependabot/cargo-private-registry-config-example.md b/data/reusables/dependabot/cargo-private-registry-config-example.md
@@ -0,0 +1,14 @@
+{% raw %}
+
+```yaml
+registries:
+  cargo-example:
+    type: cargo-registry
+    registry: "name-of-your-registry"
+    url: https://cargo.cloudsmith.io/foobaruser/test/
+    token: "Token ${{secrets.CARGO_TOKEN}}"
+```
+
+{% endraw %}
+
+We tested this configuration against the `https://cargo.cloudsmith.io` private registry.
diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md
@@ -7,7 +7,7 @@ The following table shows, for each package manager:
 Package manager | YAML value      | Supported versions | Private repositories | Private registries | Vendoring
 ---------------|------------------|------------------|:---:|:---:|:---:
 Bundler        | `bundler`        | v1, v2           | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
-[Cargo](#cargo)          | `cargo`          | v1               | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} (git only) | {% octicon "x" aria-label="Not supported" %} |
+[Cargo](#cargo)          | `cargo`          | v1               | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} |
 Composer       | `composer`       | v1, v2           | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
 {% ifversion dependabot-version-updates-devcontainer-support %}[Dev containers](#dev-containers) | `devcontainers`         | Not applicable               | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
 {% endif %}{% ifversion dependabot-version-updates-enhanced-docker-support %}[Docker](#docker){% else %}Docker{% endif %}         | `docker`         | v1               | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
@@ -39,7 +39,7 @@ pipenv         | `pip`            | <= 2021-05-29    | {% octicon "x" aria-label
 
 #### Cargo
 
-Private registry support applies to git registries, and doesn't include cargo registries.
+{% ifversion dependabot-updates-cargo-private-registry-support %}Private registry support includes cargo registries, so you can use {% data variables.product.prodname_dependabot %} to keep your Rust dependencies up-to-date. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#cargo)."{% else %}Private registry support applies to Git registries, and doesn't include cargo registries.{% endif %}
 
 {% ifversion dependabot-version-updates-devcontainer-support %}
 

diff --git a/data/reusables/supported-languages/rust.md b/data/reusables/supported-languages/rust.md
@@ -0,0 +1 @@
+| Rust {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes > 3.13 %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% else %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "x" aria-label="Unsupported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %}