This project allows you to run GitHub Dependabot to scan Azure DevOps repositories, via Azure Pipelines, thanks to Azure Functions.
| Component | Status | Notes |
|---|---|---|
| Orchestrator Trigger | 100% | |
| Main Orchestrator | 90% | |
| ACI Orchestrator | 90% | |
| ACI - Creation | 100% | Currently pulling only from public registry |
| ACI - Check Status | 0% | |
| ACI - Event Handler | 80% | Missing: should report differently between success and failure |
| ACI - Deletion | 100% | |
| In-container event handler | 50% | |
| Container Image - Test image | 100% | |
| Container Image - Production Image | 95% | Huge size |
| Deployment Scripts | 0% |
[Description TBC]
[Description TBC]
- PAT on Azure DevOps
- PAT on GitHub
- Service Principal in Azure to create ACI
- Resource Group in Azure
To support the flow above, a modified version of the Dependabot Script container is used.
It takes the original, and add the components needed to check the execution of the job and report back to the orchestrator.
The container image is hosted in Docker Hub and it's called dependabot-azuredevops-atscale
If you want to test it out manually:
docker pull n3wt0n/dependabot-azuredevops-atscale
docker run --rm \
--env "PROJECT_PATH=organization/project/_git/repo-name" \
--env "DIRECTORY_PATH=folder/containing/dependencies" \
--env "BRANCH=branch_to_scan" \
--env "AZURE_ACCESS_TOKEN=XXX_PAT_XXX" \
--env "PULL_REQUEST_ASSIGNEE=username" \
--env "GITHUB_ACCESS_TOKEN=xxx_PAT_xxx" \
--env "PACKAGE_MANAGER=bundler" \
n3wt0n/dependabot-azuredevops-atscale| Variable Name | Default | Notes |
|---|---|---|
DIRECTORY_PATH |
/ |
Directory where the base dependency files are. |
PACKAGE_MANAGER |
bundler |
Valid values: bundler, cargo, composer, dep, docker, elm, go_modules, gradle, hex, maven, npm_and_yarn, nuget, pip (includes pipenv), submodules, terraform |
PROJECT_PATH |
N/A (Required) | Path to repository. Format <organization>/<project>/_git/<repo-name>. |
BRANCH |
N/A (Optional) | Branch to fetch manifest from and open pull requests against. |
PULL_REQUESTS_ASSIGNEE |
N/A (Optional) | User to assign to the created pull request. |
AZURE_ACCESS_TOKEN |
N/A (Required) | Personal Access Token (PAT) with access to Azure DevOps, with permissions to read the repo content and create pull requests |
GITHUB_ACCESS_TOKEN |
N/A (Optional) | Personal Access Token (PAT) used just for Authentication purposes * |
* without this token, you may receive errors of request throttling or blocked requests when checking against dependencies hosted on GitHub.