Commit

Merge branch 'main' into fix-text-formatting-with-colon-1
nguyenalex836 authored Nov 26, 2024
2 parents f55462e + 394286d commit 4131302
Showing 8 changed files with 50 additions and 15 deletions.
34 changes: 34 additions & 0 deletions .github/workflows/reviewers-dependabot.yml
@@ -0,0 +1,34 @@
name: Add Dependabot Core Maintainers as Reviewers

# **What it does**: Automatically add reviewers based on paths, for docs-internal and docs repos.
# **Why we have it**: So dependabot maintainers can be notified about relevant pull requests.
# **Who does it impact**: dependabot-core.

on:
pull_request:
paths:
- 'data/reusable/dependabot/**'
- 'content/code-security/dependabot/**'
- 'content/rest/dependabot/**'

jobs:
add-reviewer:
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
runs-on: ubuntu-latest
steps:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Add Dependabot Core Maintainers as reviewers
env:
GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
PR: ${{ github.event.pull_request.html_url }}
run: |
has_reviewer=$(
gh pr view $PR --json reviews |
jq 'any(.reviews[]; select(length > 0))'
)
if ! $has_reviewer
then
gh pr edit $PR --add-reviewer github/dependabot-core
fi
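Review bot: the `has_reviewer` check in the final step queries `--json reviews`, which lists reviews already submitted rather than pending review requests, so a pull request where `github/dependabot-core` has been requested but has not yet reviewed runs `--add-reviewer` again on every trigger, while a single review from anyone else suppresses the request entirely. If the intent is to request the team unless it is already involved, query `reviewRequests` as well and test for the team explicitly; the jq filter can also be reduced to `.reviews | length > 0`, since `select(length > 0)` passes for every review object. Separately, `$PR` should be quoted, the `Check out repo` step looks unnecessary because both `gh` calls take the PR URL, and because the job runs on `pull_request` with `secrets.DOCS_BOT_PAT_WRITEORG_PROJECT`, it is worth confirming the behaviour for pull requests from forks, where repository secrets are not provided and `GH_TOKEN` would be empty.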
Expand Up @@ -141,7 +141,7 @@ The following aggregate metrics will be collected and transmitted on a daily bas
| CF | `packages_stats.ecosystems.nuget.internal_packages_count` | Number of internal NuGet packages |
| CG | `packages_stats.ecosystems.nuget.user_packages_count` | Number of NuGet packages owned by user accounts |
| CH | `packages_stats.ecosystems.nuget.organization_packages_count` | Number of NuGet packages owned by organizations |
| CI | `packages_stats.ecosystems.nuget.daily_download_count` | Number of downloads of Nuget packages |
| CI | `packages_stats.ecosystems.nuget.daily_download_count` | Number of downloads of NuGet packages |
| CJ | `packages_stats.ecosystems.nuget.daily_update_count` | Number of NuGet packages updated |
| CK | `packages_stats.ecosystems.nuget.daily_delete_count` | Number of NuGet packages deleted |
| CL | `packages_stats.ecosystems.nuget.daily_create_count` | Number of NuGet packages created |
Expand Up @@ -334,8 +334,8 @@ Creating a {% data variables.product.prodname_codeql %} database without buildin

You can ensure a more accurate analysis by taking the following steps:

* Provide access to the public internet or ensure that access to a private Nuget feed is available.
* Check whether the repository requires multiple versions of the same Nuget dependency. {% data variables.product.prodname_codeql %} can use only one version and usually chooses the newer version where there are multiple versions. This approach may not work for all repositories.
* Provide access to the public internet or ensure that access to a private NuGet feed is available.
* Check whether the repository requires multiple versions of the same NuGet dependency. {% data variables.product.prodname_codeql %} can use only one version and usually chooses the newer version where there are multiple versions. This approach may not work for all repositories.
* Check whether multiple versions of .NET are referenced, for example, `net48`, `net5.0`, and `netstandard1.6`. {% data variables.product.prodname_codeql %} can use only one version and this may affect accuracy.
* Avoid colliding class names, otherwise this may cause missing method call targets, which has an impact on dataflow analysis.

Expand Down Expand Up @@ -379,13 +379,13 @@ If `autobuild` detects multiple solution or project files at the same (shortest)

For .NET Core application development on self-hosted runners, the .NET SDK is required (for `dotnet`).

For .NET Framework application development, you will need Microsoft Build Tools (for `msbuild`) and Nuget CLI (for `nuget`).
For .NET Framework application development, you will need Microsoft Build Tools (for `msbuild`) and NuGet CLI (for `nuget`).

Windows runners require `powershell.exe` to be on the `PATH`.

{% ifversion codeql-no-build-csharp %}

If you plan to create {% data variables.product.prodname_codeql %} databases using `build-mode: none`, you also need to provide access to the public internet, or you must ensure that access to a private Nuget feed is available.
If you plan to create {% data variables.product.prodname_codeql %} databases using `build-mode: none`, you also need to provide access to the public internet, or you must ensure that access to a private NuGet feed is available.

{% endif %}

Expand All @@ -404,7 +404,7 @@ For .NET Framework application development, you will require Mono Runtime (to ru

{% ifversion codeql-no-build-csharp %}

If you plan to create {% data variables.product.prodname_codeql %} databases using `build-mode: none`, you also need to provide access to the public internet, or you must ensure that access to a private Nuget feed is available.
If you plan to create {% data variables.product.prodname_codeql %} databases using `build-mode: none`, you also need to provide access to the public internet, or you must ensure that access to a private NuGet feed is available.

{% endif %}

Expand Up @@ -146,7 +146,7 @@ With a {% data variables.product.prodname_copilot_enterprise %} license, you can

## Dismissing {% data variables.product.prodname_dependabot_alerts %}

> [!TIP]
> [!NOTE]
> You can only dismiss open alerts.
If you schedule extensive work to upgrade a dependency, or decide that an alert does not need to be fixed, you can dismiss the alert. Dismissing alerts that you have already assessed makes it easier to triage new alerts as they appear.
Expand Up @@ -190,7 +190,7 @@ updates:
interval: "daily"
```
>[!TIP]
> [!NOTE]
> The `directories` key supports globbing and the wildcard character `*`. These features are not supported by the `directory` key.

```yaml
Expand Down Expand Up @@ -1027,7 +1027,7 @@ You can give {% data variables.product.prodname_dependabot %} access to private
> * Gradle
> * Maven
> * Npm
> * Nuget{% ifversion dependabot-updates-pub-private-registry %}
> * NuGet{% ifversion dependabot-updates-pub-private-registry %}
> * Pub{% endif %}
> * Python
> * Yarn
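Review bot: the list item `> * Npm` directly above the corrected `NuGet` line keeps a capital N, while the package manager list elsewhere in this commit links it as `[npm](#npm)`. Since this change is about consistent ecosystem casing, consider changing it to `npm` in the same pass.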
Expand Up @@ -23,7 +23,8 @@ topics:

Using {% data variables.product.prodname_actions %} runners allows you to more easily identify {% data variables.product.prodname_dependabot %} job errors and manually detect and troubleshoot failed runs. You can also integrate {% data variables.product.prodname_dependabot %} into your CI/CD pipelines by using {% data variables.product.prodname_actions %} APIs and webhooks to detect {% data variables.product.prodname_dependabot %} job status such as failed runs, and perform downstream processing. For more information, see "[AUTOTITLE](/rest/actions)" and "[AUTOTITLE](/webhooks/webhook-events-and-payloads)."

>[!TIP] Running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_dotcom %}-hosted and self-hosted runners **does not** count towards your included {% data variables.product.prodname_actions %} minutes. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."
> [!NOTE]
> Running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_dotcom %}-hosted and self-hosted runners **does not** count towards your included {% data variables.product.prodname_actions %} minutes. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."
You can run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} using:
* {% data variables.product.prodname_dotcom %}-hosted runners
Expand Up @@ -34,7 +34,7 @@ You'll find detailed guidance for the setup of the following package managers:
* [Gradle](#gradle)
* [Maven](#maven)
* [npm](#npm)
* [Nuget](#nuget){% ifversion dependabot-updates-pub-private-registry %}
* [NuGet](#nuget){% ifversion dependabot-updates-pub-private-registry %}
* [pub](#pub){% endif %}
* [Python](#python)
* [Yarn](#yarn)
Expand Down Expand Up @@ -323,7 +323,7 @@ For scoped dependencies (`@my-org/my-dep`), {% data variables.product.prodname_d

Registries should be configured using the `https` protocol.

### Nuget
### NuGet

Supported by Artifactory, Artifacts, Cloudsmith, {% data variables.product.prodname_registry %} registry, Nexus, and ProGet.

Expand Up @@ -226,11 +226,11 @@ If the `yarn.lock` file doesn't list the private registry as the dependency sour
> [!NOTE]
> For scoped dependencies (`@my-org/my-dep`), {% data variables.product.prodname_dependabot %} requires that the private registry is defined in the project's `.yarnrc` file. To define private registries for individual scopes, use `"@myscope:registry" "https://private_registry_url"`.

## Nuget
## NuGet

To allow the Nuget ecosystem to only access private registries, you can configure the `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#nuget-feed)."
To allow the NuGet ecosystem to only access private registries, you can configure the `dependabot.yml` file. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#nuget-feed)."

The Nuget ecosystem additionally requires a `nuget.config` file to be checked into the repository, with either a `< clear />` tag in `<packageSources>` section or a key `nuget.org` as true in the `disabledPackageSources` section of the `nuget.config` file.
The NuGet ecosystem additionally requires a `nuget.config` file to be checked into the repository, with either a `< clear />` tag in `<packageSources>` section or a key `nuget.org` as true in the `disabledPackageSources` section of the `nuget.config` file.

This is an example of a `< clear />` tag in the `packageSources` section of the `nuget.config`.
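Review bot: the rewritten sentence beginning "The NuGet ecosystem additionally requires" still shows the tag as `< clear />`, as does the context line that follows it; a space after `<` is not well-formed XML, so a reader copying it into `nuget.config` gets a parse error. Suggest `<clear />` in both places, and "in the `<packageSources>` section" while the line is being touched.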
