task.json
{
"$schema": "https://raw.githubusercontent.com/Microsoft/azure-pipelines-task-lib/master/tasks.schema.json",
"id": "d98b873d-cf18-41eb-8ff5-234f14697896",
"name": "dependabot",
"friendlyName": "Dependabot",
"description": "Automatically update dependencies and vulnerabilities in your code",
"helpMarkDown": "For help please visit https://github.com/tinglesoftware/dependabot-azure-devops/issues",
"helpUrl": "https://github.com/tinglesoftware/dependabot-azure-devops/issues",
"releaseNotes": "https://github.com/tinglesoftware/dependabot-azure-devops/releases",
"category": "Utility",
"visibility": ["Build", "Release"],
"runsOn": ["Agent", "DeploymentGroup"],
"author": "Tingle Software",
"demands": [],
"version": {
"Major": 1,
"Minor": 6,
"Patch": 0
},
"instanceNameFormat": "Dependabot",
"minimumAgentVersion": "2.105.0",
"groups": [
{
"name": "security_updates",
"displayName": "Security advisories and vulnerabilities",
"isExpanded": false
},
{
"name": "pull_requests",
"displayName": "Pull request options",
"isExpanded": false
},
{
"name": "devops",
"displayName": "Azure DevOps authentication",
"isExpanded": false
},
{
"name": "github",
"displayName": "GitHub authentication",
"isExpanded": false
},
{
"name": "advanced",
"displayName": "Advanced",
"isExpanded": false
}
],
"inputs": [
{
"name": "useUpdateScriptvNext",
"type": "boolean",
"groupName": "advanced",
"label": "Use latest update script (vNext) (Experimental)",
"defaultValue": "false",
"required": false,
"helpMarkDown": "Determines if the task will use the newest 'vNext' update script instead of the default update script. Defaults to `false`. See the [vNext update script documentation](https://github.com/tinglesoftware/dependabot-azure-devops/pull/1186) for more information."
},
{
"name": "failOnException",
"type": "boolean",
"groupName": "advanced",
"label": "Fail task when an update exception occurs.",
"defaultValue": true,
"required": false,
"helpMarkDown": "When set to `true`, a failure in updating a single dependency will cause the container execution to fail thereby causing the task to fail. This is important when you want a single failure to prevent trying to update other dependencies."
},
{
"name": "skipPullRequests",
"type": "boolean",
"groupName": "pull_requests",
"label": "Skip creation and updating of pull requests.",
"defaultValue": false,
"required": false,
"helpMarkDown": "When set to `true` the logic to update the dependencies is executed but the actual Pull Requests are not created/updated. Defaults to `false`."
},
{
"name": "commentPullRequests",
"type": "boolean",
"groupName": "pull_requests",
"label": "Comment on abandoned pull requests with close reason.",
"defaultValue": false,
"required": false,
"helpMarkDown": "When set to `true` a comment will be added to abandoned pull requests explaining why they were closed. Defaults to `false`."
},
{
"name": "abandonUnwantedPullRequests",
"type": "boolean",
"groupName": "pull_requests",
"label": "Abandon unwanted pull requests.",
"defaultValue": false,
"required": false,
"helpMarkDown": "When set to `true` pull requests that are no longer needed are closed at the tail end of the execution. Defaults to `false`."
},
{
"name": "setAutoComplete",
"type": "boolean",
"groupName": "pull_requests",
"label": "Auto-complete pull requests when all policies pass",
"defaultValue": false,
"required": false,
"helpMarkDown": "When set to `true`, pull requests that pass all policies will be merged automatically. Defaults to `false`."
},
{
"name": "mergeStrategy",
"type": "pickList",
"groupName": "pull_requests",
"label": "Merge Strategy",
"defaultValue": "squash",
"required": true,
"helpMarkDown": "The merge strategy to use. Learn more [here](https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-requests/update?view=azure-devops-rest-5.1&tabs=HTTP#gitpullrequestmergestrategy).",
"options": {
"noFastForward": "No fast forward",
"rebase": "Rebase",
"rebaseMerge": "Rebase merge",
"squash": "Squash"
},
"visibleRule": "setAutoComplete=true"
},
{
"name": "autoCompleteIgnoreConfigIds",
"type": "string",
"groupName": "pull_requests",
"label": "Semicolon delimited list of any policy configuration IDs which auto-complete should not wait for.",
"defaultValue": "",
"required": false,
"helpMarkDown": "A semicolon (`;`) delimited list of any policy configuration IDs which auto-complete should not wait for. Only applies to optional policies (isBlocking == false). Auto-complete always waits for required policies (isBlocking == true).",
"visibleRule": "setAutoComplete=true"
},
{
"name": "autoApprove",
"type": "boolean",
"groupName": "pull_requests",
"label": "Auto-approve pull requests",
"defaultValue": false,
"required": false,
"helpMarkDown": "When set to `true`, pull requests will automatically be approved by the specified user. Defaults to `false`."
},
{
"name": "autoApproveUserToken",
"type": "string",
"groupName": "pull_requests",
"label": "A personal access token of the user that should approve the PR.",
"defaultValue": "",
"required": false,
"helpMarkDown": "A personal access token of the user that shall be used to approve the created PR automatically. If the same user that creates the PR should approve, this can be left empty. This won't work with the Build Service account! Supply the token from a secret pipeline variable rather than as a literal value in the pipeline definition.",
"visibleRule": "autoApprove=true"
},
{
"name": "gitHubConnection",
"type": "connectedService:github:OAuth,PersonalAccessToken,InstallationToken,Token",
"groupName": "github",
"label": "GitHub connection (OAuth or PAT)",
"defaultValue": "",
"required": false,
"helpMarkDown": "Specify the name of the GitHub service connection to use to connect to the GitHub repositories. The connection must be based on a GitHub user's OAuth or a GitHub personal access token. Learn more about service connections [here](https://aka.ms/AA3am5s)."
},
{
"name": "gitHubAccessToken",
"type": "string",
"groupName": "github",
"label": "GitHub Personal Access Token.",
"defaultValue": "",
"required": false,
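"helpMarkDown": "The raw Personal Access Token for accessing GitHub repositories. Use this in place of `gitHubConnection`, such as when it is not possible to create a service connection. Supply the token from a secret pipeline variable rather than as a literal value in the pipeline definition."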
},
{
"name": "securityAdvisoriesFile",
"type": "string",
"label": "Path for the file containing security advisories in JSON format.",
"groupName": "security_updates",
"helpMarkDown": "The file containing security advisories.",
"required": false
},
{
"name": "azureDevOpsServiceConnection",
"type": "connectedService:Externaltfs",
"groupName": "devops",
"label": "Azure DevOps Service Connection to use.",
"required": false,
"helpMarkDown": "Specify a service connection to use, if you want to use a different service principal than the default to create your PRs."
},
{
"name": "azureDevOpsAccessToken",
"type": "string",
"groupName": "devops",
"label": "Azure DevOps Personal Access Token.",
"required": false,
"helpMarkDown": "The Personal Access Token for accessing Azure DevOps repositories. Supply a value here to avoid using permissions for the Build Service either because you cannot change its permissions or because you prefer that the Pull Requests be done by a different user. Use this in place of `azureDevOpsServiceConnection`, such as when it is not possible to create a service connection. Supply the token from a secret pipeline variable rather than as a literal value in the pipeline definition."
},
{
"name": "targetRepositoryName",
"type": "string",
"groupName": "advanced",
"label": "Target Repository Name",
"required": false,
"helpMarkDown": "The name of the repository to target for processing. If this value is not supplied then the Build Repository Name is used. Supplying this value allows creation of a single pipeline that runs Dependabot against multiple repositories."
},
{
"name": "targetUpdateIds",
"type": "string",
"groupName": "advanced",
"label": "Semicolon delimited list of update identifiers to run.",
"defaultValue": "",
"required": false,
"helpMarkDown": "A semicolon (`;`) delimited list of update identifiers to run. Indexes are zero-based and in the order written in the configuration file. When not present, all the updates are run. This is meant to be used in scenarios where you want to run updates at different times from the same configuration file, given you cannot schedule them independently in the pipeline."
},
{
"name": "updaterOptions",
"type": "string",
"groupName": "advanced",
"label": "Comma separated list of Dependabot experiments (updater options).",
"required": false,
"helpMarkDown": "Set a list of Dependabot experiments (updater options) in CSV format. Available options depend on the ecosystem. Example: `goprivate=true,kubernetes_updates=true`."
},
{
"name": "excludeRequirementsToUnlock",
"type": "string",
"groupName": "advanced",
"label": "Space-separated list of dependency updates requirements to be excluded.",
"required": false,
"helpMarkDown": "Exclude certain dependency update requirements. See list of allowed values [here](https://github.com/dependabot/dependabot-core/issues/600#issuecomment-407808103). Useful if you have lots of dependencies and the update script is too slow. The values provided are space-separated. Example: `own all` to only use the `none` version requirement."
},
{
"name": "dockerImageTag",
"type": "string",
"groupName": "advanced",
"label": "Tag of the docker image to be pulled.",
"required": false,
"helpMarkDown": "The image tag to use when pulling the docker container used by the task. A tag also defines the version. By default, the task decides which tag/version to use. This can be the latest or most stable version. You can also use `major.minor` format to get the latest patch."
},
{
"name": "extraEnvironmentVariables",
"type": "string",
"groupName": "advanced",
"label": "Semicolon delimited list of environment variables",
"required": false,
"defaultValue": "",
"helpMarkDown": "A semicolon (`;`) delimited list of environment variables that are sent to the docker container. See possible use case [here](https://github.com/tinglesoftware/dependabot-azure-devops/issues/138)"
},
{
"name": "forwardHostSshSocket",
"type": "boolean",
"groupName": "advanced",
"label": "Forward the host ssh socket",
"defaultValue": "false",
"required": false,
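"helpMarkDown": "Ensures that the host SSH socket is forwarded to the container so that it can authenticate with SSH. The container can then authenticate over SSH as the host does, so enable this only when SSH authentication is required."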
}
],
"dataSourceBindings": [],
"execution": {
"Node16": {
"target": "index.js"
}
}
}