Add support for disablePackageSources in NuGet.Config #3296

Merged
merged 3 commits into from
Mar 18, 2021

@AshleighAdams AshleighAdams commented Mar 18, 2021

This prevents disabled package sources, such as those used for doing deploys to private package registries, from being used.

Will read, and disable, any repositories specified in `disabledPackageSources` in NuGet.Config. For example, the following `github` package source will not be used:

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="github" value="https://nuget.pkg.github.com/AshleighAdams/index.json" />
  </packageSources>
  <disabledPackageSources>
    <add key="github" value="true" />
  </disabledPackageSources>
</configuration>
```

https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#disabledpackagesources

Though I haven't tested, I strongly suspect that without this change, if a disabled source has a newer dependency version, the PR dependabot creates would fail to build.

Edit: Confirmed, does trigger the bug, see AshleighAdams/dependabot-bug-poc#1

Fix #3295
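
The filtering described in this pull request, sketched as an added example that is not dependabot's own code: it reads `packageSources` from a NuGet.Config and drops every source whose key appears under `disabledPackageSources` with the value `true`. The helper names, the sample config and the case-insensitive matching of keys and of the `true` value are assumptions made for this illustration.

```ruby
require "rexml/document"

# Constructed sample config (not taken from the PR): two sources, one disabled.
SAMPLE_CONFIG = <<~XML
  <?xml version="1.0" encoding="utf-8"?>
  <configuration>
    <packageSources>
      <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
      <add key="github" value="https://nuget.pkg.github.com/example-owner/index.json" />
    </packageSources>
    <disabledPackageSources>
      <add key="GitHub" value="true" />
      <add key="nuget.org" value="false" />
    </disabledPackageSources>
  </configuration>
XML

# Hypothetical helper: lower-cased keys listed under <disabledPackageSources>
# whose value is "true". An entry with value "false" leaves the source enabled.
def disabled_source_keys(doc)
  keys = []
  doc.elements.each("configuration/disabledPackageSources/add") do |node|
    key = node.attributes["key"]
    value = node.attributes["value"]
    next if key.nil? || value.nil?
    # Assumption: keys and the "true" flag are compared case-insensitively.
    keys << key.downcase if value.strip.casecmp?("true")
  end
  keys
end

# Hypothetical helper: the sources an updater may query, as { key:, url: } hashes.
def enabled_package_sources(config_xml)
  doc = REXML::Document.new(config_xml)
  disabled = disabled_source_keys(doc)
  sources = []
  doc.elements.each("configuration/packageSources/add") do |node|
    key = node.attributes["key"]
    url = node.attributes["value"]
    next if key.nil? || url.nil?
    # Skip feeds the config owner switched off, e.g. a deploy-only registry.
    next if disabled.include?(key.downcase)
    sources << { key: key, url: url }
  end
  sources
end
```
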

@AshleighAdams AshleighAdams marked this pull request as ready for review March 18, 2021 01:41
@AshleighAdams AshleighAdams requested a review from a team as a code owner March 18, 2021 01:41
jurre commented Mar 18, 2021

Looks good 👍 I made one small suggestion inline

- As suggested, `repos_from_config_file()` was getting too long, so pull the disabled sources parsing into its own method.
- Reenable the MethodLength metric for `repos_from_config_file()`.
- Includes a small optimization by @jurre.

Co-Authored-By: Jurre <jurre@users.noreply.github.com>
@AshleighAdams AshleighAdams requested a review from jurre March 18, 2021 12:25
@jurre jurre merged commit f5593cb into dependabot:main Mar 18, 2021
@AshleighAdams AshleighAdams deleted the nuget-config-disable-pkg-src branch March 18, 2021 19:48
@thepwagner thepwagner mentioned this pull request Mar 23, 2021
Successfully merging this pull request may close these issues.

Disabled package sources are used in NuGet.Config