-
Notifications
You must be signed in to change notification settings - Fork 418
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
workaround broken dependabot #2455
Conversation
aha -- a condition should do it! |
@@ -1,4 +1,6 @@ | |||
<Project> | |||
<!-- Workaround https://github.com/dependabot/dependabot-core/issues/8490 --> | |||
<Import Project="eng/Versions.props" Condition="'$(MajorVersion)' == ''"/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, typically when doing this a new property would get added to Versions.props called something like VersionPropsAlreadyImported
or something like that, and then that is what is checked here. Mainly in case MajorVersion
gets defaulted somewhere else or moved which might cause issues in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it's temporary and if that happens there'll be 200 warnings so we'll know!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with this as a workaround, but would you mind explaining a bit more about the original issue and why this fixes it if possible?
Also, were you able to do a "dry run" or something similar (not familiar with dependabot so not sure if its even possible) to ensure that this change does workaround the issue?
Good point, let me do this in my fork to check it does actually work. |
OK testing this in my fork, it gets further, and makes PR's. They're only in global.json (maybe there's nothign to update currently in the directory.packages.props?). @joperezr can you look at these PR's and check we want PR's like this? https://github.com/danmoseley/aspire/pulls after that, dependabot still ends up failing, with errors like this.
with various package names. Nevertheless, I suspect it's now "useful" to merge this. |
scratch that, this is the real issue "Property 'NetCurrent' was not found.". Let me slap in another workaround and see. |
If I also add this other hack @joperezr is there value in the global.json PR's that it did create in my fork? If so, I suggest we merge this as is. It's low risk. If not, I suggest I close this and we wait for their workaround dependabot/dependabot-core#8490 (comment) |
bummer that the workaround isn't yet making the main dependencies we care about work. Regarding the global.json PRs that it does fix, IMO those are a bit less useful in the sense that these are tools that we use during our build, but not dependencies that get eventually deployed with user applications (as their version is only relevant when we build our repo). Those aren't really the primary reason why we'd want to setup dependabot. So my conclusion is that they would have some value, but just not the real value we are trying to get out from dependabot. Those tools still bugfix things, so I wouldn't discard the workaround in benefit of those PRs, my only concern would be about the potential of new tools affecting our build assets and not being able to catch those breaks during our build. |
OK I think there is some value and minimal risk in merging this for now just to get those PR's. Or happy to close. LMK |
This should work around dependabot/dependabot-core#8490 but it will create 232 warnings like
@joperezr do you know a way to disable these warnings centrally these days? If not, we can put this into another branch, and periodically set that to the default branch temporarily (so it's dependabot's target) and manually run dependabot, then merge any dependabot changes to main.. or something ...
Microsoft Reviewers: Open in CodeFlow